Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[rpd] Last Call - RPKI ROAs for Unallocated and Unassigned AFRINIC Address Space AFPUB-2019-GEN-006-DRAFT03.

Daniel Yakmut yakmutd at
Fri Jun 11 21:57:40 UTC 2021

+1 to Mark's

On 11/06/2021 5:49 pm, Mark Tinka wrote:

> Hi all.


> TL;DR - I do not support this policy proposal.


> The purpose of this proposal is to give operators another method to

> identify routes they should either ignore or filter from their routing

> domain. It is, already, feasible to do this using the data available

> from the AFRINIC WHOIS database. Implementing this policy does present

> the potential to introduce some risk in the RPKI system operated by

> AFRINIC. On the basis that the use of this policy is largely optional,

> I am not convinced that the additional risk to the AFRINIC

> infrastructure - and the folk who rely on it - outweighs the benefit.


> Getting RPKI out there is already significantly challenging.

> Personally, I would spend more time and energy on that, before we try

> to complicate it with a policy proposal such as this.


> I am less-than-interested in what the other RIR's have decided to do

> or not to do with similar policy proposals within their regions.

> Speaking purely with an African bias, I do not see how this proposal

> moves the RPKI needle forward in a meaningful and impactful way. For

> me, it's a nice-to-have, for which solutions that are well-documented

> are already in sufficient existence. I'd prefer that we did not

> encourage thought processes that could turn RPKI into a loaded gun

> that may very well lead to unintended consequences.


> Suggest we focus our efforts on actually getting RPKI more widely

> deployed. A case of "crawl before we can run", type-thing.


> I tend to prefer achieving the objective with the least amount of

> effort. If it were up to me, the only command a router would ever need

> is "on", but alas! Pushing multiple TAL's from a single RIR will only

> escalate the confusion surface area, which is more than likely to have

> a negative impact on the progression of deployment of a global RPKI,

> or worse, mis-deployment that may be touted as a BCP for generations

> to come.


> A policy such as this could set a precedent for significantly more

> (well-intentioned, but) disastrous use-cases for the RPKI. I'd err on

> the side of avoiding situations where centralized control of

> gratuitous blackouts of part or all of the Internet, on purpose or by

> mistake, are not given roots to emerge. Keeping the genie in the

> bottle is, for me, far better than thinking you can cage it once it

> has been set free.


> AS0 is unlikely to help me stop paying the annual subscription for my

> anti-spam and anti-virus system. If there is some other practical

> problem - for which a solution currently does not exist - that this

> policy proposal is looking to fix, I'd be most obliged to hear it. Thanks.


> Mark.


> _______________________________________________

> RPD mailing list

> RPD at


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the RPD mailing list