Search RPD Archives
[rpd] Last Call - RPKI ROAs for Unallocated and Unassigned AFRINIC Address Space AFPUB-2019-GEN-006-DRAFT03.
owen at delong.com
Tue Jun 29 08:36:55 UTC 2021
> On Jun 27, 2021, at 14:55 , Noah <noah at neo.co.tz> wrote:
> On Sat, Jun 26, 2021 at 11:35 AM Owen DeLong <owen at delong.com <mailto:owen at delong.com>> wrote:
>>> So in the AFRINIC region, network abuse incidents have been reported on this very list as recent as this year and we have had incidents of misappropriation  of INR as well.
>>>  https://lists.afrinic.net/pipermail/community-discuss/2020-August/003678.html <https://lists.afrinic.net/pipermail/community-discuss/2020-August/003678.html>
>> Your example cites resources that were misappropriated in such a way that they could have had ROAs issued that would have further masked the misappropriation.
>> I read "further masked" ... eeeh heh ?
> In other words, given the way those resources were misappropriated, they could have still had (apparently) valid ROAs attesting to their origin ASN providing an additional
> assurance that this stolen space was in legitimate use.
> Are we talking about bogons ROA'd with the AS0 tag?
No, I’m saying that the example you cite likely would not have received AS0 ROAs even with this policy in place and likely could well have had ROAs
attesting to the ASN that was advertising the misappropriated space.
> Hence providing additional disguise…further masking…
Are you serious? If you have an AS X that receives misappropriated addresses at the end of the misappropriation chain that is able to get the RIR to
sign ROAs attesting to their origination of the prefix, given that the misappropriation happened at the hands of an RIR insider, how are you not able
to see this plainly?
> Does that clarify for you?
> No it does not...
Wow… Well, hopefully the above rather detailed explanation is simple enough for you this time.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the RPD