[rpd] Last Call - RPKI ROAs for Unallocated and Unassigned AFRINIC Address Space AFPUB-2019-GEN-006-DRAFT03.

[Daniel Yakmut]

+1 to Mark's

On 11/06/2021 5:49 pm, Mark Tinka wrote:

> Hi all.

>

> TL;DR - I do not support this policy proposal.

>

> The purpose of this proposal is to give operators another method to 

> identify routes they should either ignore or filter from their routing 

> domain. It is, already, feasible to do this using the data available 

> from the AFRINIC WHOIS database. Implementing this policy does present 

> the potential to introduce some risk in the RPKI system operated by 

> AFRINIC. On the basis that the use of this policy is largely optional, 

> I am not convinced that the additional risk to the AFRINIC 

> infrastructure - and the folk who rely on it - outweighs the benefit.

>

> Getting RPKI out there is already significantly challenging. 

> Personally, I would spend more time and energy on that, before we try 

> to complicate it with a policy proposal such as this.

>

> I am less-than-interested in what the other RIR's have decided to do 

> or not to do with similar policy proposals within their regions. 

> Speaking purely with an African bias, I do not see how this proposal 

> moves the RPKI needle forward in a meaningful and impactful way. For 

> me, it's a nice-to-have, for which solutions that are well-documented 

> are already in sufficient existence. I'd prefer that we did not 

> encourage thought processes that could turn RPKI into a loaded gun 

> that may very well lead to unintended consequences.

>

> Suggest we focus our efforts on actually getting RPKI more widely 

> deployed. A case of "crawl before we can run", type-thing.

>

> I tend to prefer achieving the objective with the least amount of 

> effort. If it were up to me, the only command a router would ever need 

> is "on", but alas! Pushing multiple TAL's from a single RIR will only 

> escalate the confusion surface area, which is more than likely to have 

> a negative impact on the progression of deployment of a global RPKI, 

> or worse, mis-deployment that may be touted as a BCP for generations 

> to come.

>

> A policy such as this could set a precedent for significantly more 

> (well-intentioned, but) disastrous use-cases for the RPKI. I'd err on 

> the side of avoiding situations where centralized control of 

> gratuitous blackouts of part or all of the Internet, on purpose or by 

> mistake, are not given roots to emerge. Keeping the genie in the 

> bottle is, for me, far better than thinking you can cage it once it 

> has been set free.

>

> AS0 is unlikely to help me stop paying the annual subscription for my 

> anti-spam and anti-virus system. If there is some other practical 

> problem - for which a solution currently does not exist - that this 

> policy proposal is looking to fix, I'd be most obliged to hear it. Thanks.

>

> Mark.

>

> _______________________________________________

> RPD mailing list

> RPD at afrinic.net

> https://lists.afrinic.net/mailman/listinfo/rpd

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20210611/860096e5/attachment.html>