Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[rpd] Last Call - RPKI ROAs for Unallocated and Unassigned AFRINIC Address Space AFPUB-2019-GEN-006-DRAFT03.

Fernando Frediani fhfrediani at gmail.com
Tue Jun 15 22:41:58 UTC 2021


Hi

On 15/06/2021 15:59, Job Snijders via RPD wrote:

> Dear Noah, others,

>

> This policy proposal strikes at the heart of the design of the global

> Internet routing system. The Internet works so well because it is a

> series of clever fail-open fail-safe mechanisms. This proposal converts

> a fail-open into a fail-closed.

>

> The policy 'protects' the wrong asset (the UNUSED resources), and in

> doing so puts the real valuable assets at risk (the IPs that we actually

> USE in our day to day communication).

Fair point of view although I don't see anything wrong in willing to
protect unallocated addresses as well. They will be allocated at some
point and and if used in the mean time it can damage its reputation for
future members.

>

> <clip>

>

> The proposal also does nothing productive against BGP hijacking: the

> only _problematic_ BGP hijacks, are the ones where someone hijacks IP

> space that someone else already was USING for an Internet service!

> Even worse, the proposal puts RPKI's reputation at risk, so in an

> indirect way the policy proposal might make BGP hijacking worse!

Why don't you see as a hijack the usage of unallocated space ? When that
happen it is likely to be used for something wrong, plus the issue
stated above that damages the reputation of those stolen space that will
be allocated for future members.
Any IP space (allocated or not) should be protected against usage by
unauthorized. I agree the used ones are more important, but even the
unallocated have their importance too.

>

> We know of multiple technical long-lasting Database Registration and

> RPKI incidents at the RIR level in the last two years. We know for sure

> that future incidents will happen too, because we can't build perfect

> software. This convinced me that this type of policy is a

> mis-application of the RPKI technology. Deployment of AS 0 TALs

> decrease the overall reliability of the Internet. The proposal is akin

> to a ticking time bomb.

It would be a miss-application if used from a different propose than it
was thought. AS0 ROAs are to be used to sign by the rightful resource
holder that some IP space it not permitted to be announced. The rightful
resource holder of most currently unallocated space are the RIRs.

>

> Multiple recognized experts in the field (from all over the world) have

> spoken against this proposal. This in itself should be a red flag that

> something is wrong.

Fair enough. But why didn't they come here at the time of the discussion
to collaborate ? Or at least someone objecting it didn't share their
reasons to object it so community could evaluate it ?

>

> Even worse, there are non-technical problems that affect entire

> countries, such as sanctions. When an entire country is banned from

> conducting business (parts of) the rest of the world... do we truly

> believe that also taking away their Internet access is the humane things

> to do? I don't! This proposal is a pathway towards such a future event.

With or without the existence of RPKI that would happen sooner or later
they would loose access if it was the case.
But I fail to remember a situation as described where a RIR or even a
local court in the country the RIR operates ordered such thing based on
sanctions.

>

> I work to keep the Internet up, I work to keep communication lines open

> between communities.

Great, I think most of us too. But I prefer to do that within the
current and well established rules so I would expect any organization to
keep their lines opened inside the same rules.

>

> A BGP route to an unassigned IP block, might be your only route to a

> million fellow human beings.


Correct me if I am wrong, but are you justifying the missusage of
unallocated space as long it provides connectivity to some human being ?
If so I can't agree with it.

Regards
Fernando


>

> Kind regards,

>

> Job

>

> _______________________________________________

> RPD mailing list

> RPD at afrinic.net

> https://lists.afrinic.net/mailman/listinfo/rpd





More information about the RPD mailing list