Search RPD Archives
[rpd] Last Call - RPKI ROAs for Unallocated and Unassigned AFRINIC Address Space AFPUB-2019-GEN-006-DRAFT03.
nishal at controlfreak.co.za
Tue Jun 15 22:23:30 UTC 2021
On 14 Jun 2021, at 22:24, Korsback, Fredrik via RPD wrote:
hello, and welcome,
> Looking at the already implemented AS0 TAL in APNIC for example it
> comes with a great deal of warning-signs and “do not use” labels
> attached to it already, who in their right mind would use it?
makes me think of a cigarette analogy that was earlier mentioned.. :-)
> I spend a large portion of my days to educate and inspire, especially
> small ISPs in the world, to implement RPKI and other routing-security
> related features, why would people implement this? Especially since
> RPKI is hard-enough as it is to get going in some networks. I can’t
> see the reason for this increase in complexity and “if and buts”
could you please explain *how* the AS0 TAL adds to the complexity of
_deploying_ RPKI in these networks, especially if the TAL is optional.
presumably, if you _opt_ to use this, you:
# know what a TAL is, and/or
# have been warned, and/or
# been taught, and/or
# self-selected to install this ..
one would hope that, if you took the effort to install this
intentionally, you have read the installation screen text :-)
> Why would a RIR accept this increased liability in what they are
> delivering for their customers? For not apparent upside
you can’t premise an argument on the basis of “why would someone
else do this?”. people think differently. sure, there are non-zero
risks attached to this, yes. but it’s smarter to highlight and
explain those risks; as job did, when he pointed to a failure situation
when going from ALLOCATED -> UNALLOCATED with no intermediate step.
understanding that risk, and proposed mitigation if at all applicable -
is what this working group needs to identify if this policy should pass
> I do appreciate the effort to look for solutions for
> spoofers/squatters and whatnot, but I don’t see RPKI as the right
> tool to use for this but rather a One-Way door to something we cannot
> change later. I much rather see the money, time, effort and cycles to
> be spent on increasing operational stability for RPKI, better APIs,
> better GUI and better supporting features for lowering the bar of
> entry into RPKI, not specific to AFRINIC per say but for everyone.
i think you missed the other thread, and perhaps the earlier DBWG
meetings where afrinic laid out that this is happening separately.
> We, will not implement this AS0 TAL, nor any other AS0 TAL.
as is your right :-)
but if frank wants to use it, then we really need a better argument than
“$ is not doing it, and therefore you shouldn’t”. i appreciate
that you have a wildly different perspective, and experience, and as a
working group, we would benefit more if you could use that perspective
and experience, and point to (a) failure case scenario(s) that is/are of
concern, that have/has been missed in the discussion.
More information about the RPD