Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[rpd] Last Call - RPKI ROAs for Unallocated and Unassigned AFRINIC Address Space AFPUB-2019-GEN-006-DRAFT03.

Noah noah at
Fri Jun 11 21:50:28 UTC 2021

On Wed, 9 Jun 2021, 11:21 Ben Maddison via RPD, <rpd at> wrote:

> Hi Frank,


> On 06/09, Frank Habicht wrote:

> > Hi Job,

> >

> I realise that your response was directed at Job, but I'll respond

> anyway...


> > [co-author writing]

> >

> > On 08/06/2021 17:36, Job Snijders via RPD wrote:

> > > At the moment of writing, the AFRINIC Trust Anchor has excellent

> > > standing in the global community. If AFRINIC starts publishing RPKI

> > > ROAs for Unallocated or Unassigned space, unfortunately, I'll have to

> > > consider the AFRINIC RPKI Trust Anchor to be UNFIT FOR RELYING.

> >

> > I believe the current Trust Anchor will not be touched.

> > A new one will be created.

> > Why would your opinion about the current TA change?

> > It is acceptable that you will consider the new TA unfit.

> > I would think the first one could still be fine for you.

> >

> The draft policy *does not* mandate that a separate TA be used.

> I have previously suggested that this should be mandated in the policy,

> but this was not done.


> As long as the draft merely says that a different TA *could* be used,

> defences in this vein are bogus.


If am reading you crystal clear, an editorial update or perhaps a clear
sentence that **mandates** a separate TAL could suffice.

> > > Implementation of this proposal will put years of AFRINIC's work and

> > > investment in RPKI at risk, ... a pretty crazy situation! :-(

> > >

> > > Danger to AFRINIC members

> > > =========================

> > >

> > > If this policy proposal is implemented, the ultimate consequences is

> > > that certain types of disputes between members and AFRINIC will result

> > > in severe connectivity problems for the member. Some members might

> > > think, "that will never happen to me, I always pay my bills on time!"

> >

> > I have the tendency to look for root-causes.

> > Why would the "certain types of disputes" come into existence...?

> > Can it be avoided? ;-)

> >

> No, it is not possible to eliminate the potential for conflict between

> resource holders and AFRINIC.


> Some scenarios that I can anticipate:


> - Sanctions actions

> - Ex-parte injunctions

> - Banking/payment clearance disruptions

> - Bona fide disputes arising from the RSA

> - Bona fide disputes arising from the CPM

> - Administrative error


> ... and probably many more that I have not thought of.


> This policy elevates each one from an administrative inconvenience to a

> DOS at the scale of (potentially) millions of Internet users.


Attention: AFRINIC staff;

What are the chances that this policy once adopted could potentially lead
to some future DDOS? with millions of Internet users suffering?

By million we are assuming perhaps an LIR with millions of down stream

Or by millions of internet users, we are assuming that AFRINIC will
potentially flag both allocated and unallocated space with an AS0 ROA!... I
am trying to think out loud.

Else by million of Internet users, we are assuming that an LIR with
millions of downstream users will self flag their own allocated space with
an AS0 ROA.

Lastly, for RIR where the policy has been adopted, can AFRINIC staff get
feedback on what the situation is those parts of the world?

Thank You.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the RPD mailing list