[rpd] Last Call - RPKI ROAs for Unallocated and Unassigned AFRINIC Address Space AFPUB-2019-GEN-006-DRAFT03.

Owen DeLong owen at delong.com
Thu Jul 22 05:28:17 UTC 2021





> On Jun 8, 2021, at 07:05, Mark Elkins <mje at posix.co.za> wrote:

>

> 1) I have on my laptop - RPD emails going back to November 2018 - and I have never ever seen a post from jeffery_sky <jeffery_sky-99 at yahoo.com> before (just checked).

>

> 2) The only information that is "being injected" is into the space that AFRINIC has not yet allocated/assigned to any Member - which will just make it easier on the few routers that look at RPKI information to see that a very bad actor is using space that should not be visible on the Internet at all. The only folk that this should bother is Bad Actors who have been using this unallocated/unassigned space on the Internet (thieves?)

>

>

Are you saying that reclaimed/revoked space will not be subject to AS0 ROAs for unallocated space? If so, please point to this specific protection in the policy.

In reality, if that is the case, it provides adequate protection, but it also makes the policy rather useless as it only temporarily covers the remaining tidbits of the last /8 that are still in inventory.


> I really don't understand the problem. Are all the objectors thieves? (wanting to use/route something that does not belong to them).

>


Consider AFRINIC’s recent actions earlier this month surrounding certain court cases and I think you will better understand the issue. It’s not about using/routing what doesn’t belong to you, it’s about concern over what happens when there is a difference of opinion between you and the RIR about who certain space belongs to.

Owen


>

> On 6/8/21 3:21 PM, jeffery_sky via RPD wrote:

>>

>> Hello,

>> To clarify, these concerns are becoming repetitive due to the lack of adequate responses from the concerned stakeholders. Also, I want to address the fact that the real problem here is not RPKI in any way. What is really bothering me is that RIR is injecting its own data into RPKI, which makes the previous argument about how signing space is invalid. Further, the usage of RPKI will lead to AS0 all unallocated space for you. Consequently, the routing changes.

>> I understand that some of these concerns are repeated, but I think it is because they were not addressed properly. The responses provided are mainly vague and it seems to me that you are dodging the comments by bringing the Last call phase procedure and calling out the PDWG co-chairs.

>> The last call phase is dedicated to this type of discussion, and if several people are not convinced, it simply means that the co-authors should try providing insightful responses that go straight to the point, not vague ones. If this vicious cycle and the lack of proper answers continues, consensus will never happen, and the policy cannot be implemented. Also, most of the raised objections have nothing to do with technicalities, therefore, they are meant to be discussed on the RPD. Finally, the arguments you perceive repeated, have not received accurate replies, which means they will keep popping out. Consequently, the best thing to do, is to dig deeper in this proposal, instead of labelling the arguments as invalid. In the hope of receiving insightful answers...

>>

>> Best.

>>

>>

>> On Tuesday, June 8, 2021, 9:40:10 PM GMT+9, Fernando Frediani <fhfrediani at gmail.com> wrote:

>>

>>

>> +1

>>

>> Excellent and simple answer.

>>

>> On 6/8/2021 3:01 AM, Frank Habicht wrote:

>> > Hi

>> >

>> > On 08/06/2021 01:45, Daniel Yakmut via RPD wrote:

>> >> Hi,

>> >>

>> >> Are you postulating here that Resources not allocated are susceptible to

>> >> hijack?

>> > - resources are susceptible to hijack.

>> > - if a ROA with AS0 was published for an unallocated resource, it would

>> > be less susceptible to hijack.

>> >

>> >

>> >> My other understanding is an RIR is a resource dispenser.

>> > When I get my next resource from AfriNIC, I will prefer one that was not

>> > previously hijacked and used for spamming and network abuse, and got

>> > blacklisted and a bad reputation everywhere.

>> >

>> > What about you?

>> >

>> >

>> > Thanks,

>> > Frank

>> >

>> >

>> >> Simply

>> >> Daniel

>> >>

>> >> On Mon, Jun 7, 2021, 11:30 PM Fernando Frediani <fhfrediani at gmail.com> wrote:

>> >>

>> >> AfriNic (or any other RIR) is the resource holder for IP space that

>> >> IANA has allocated to it. So who else could secure that space until

>> >> it is assigned to an organization issuing ROAs if not the current

>> >> resource holder ?

>> >>

>> >> Must we have a policy accepted by either RIPE or ARIN first in order

>> >> to accept it in AfriNic afterwards ?

>> >> This is not a worry to the RIR, it is actually an additional

>> >> guarantee that no one else will try to make usage of IP space under

>> >> its responsibility.

>> >>

>> >> Fernando

>> >>

>> >> On 07/06/2021 19:14, Daniel Yakmut via RPD wrote:

>> >>> Dear Jordi,

>> >>>

>> >>> Just out of curiosity why have RIPE and ARIN refused to adopt the

>> >>> RPKI ROA and make it their responsibility that it is used by

>> >>> resource holder? I will agree that RPKI ROA is a good tool to

>> >>> secure BGP routing, however I don't see it as the responsibility of

>> >>> an RIR to implement it.

>> >>>

>> >>> My strong opinion is that any resource holder should be

>> >>> responsible for securing its resources and if RPKI ROA is the best

>> >>> way to prevent hijack, then it will enjoy patronage. Making it a

>> >>> job of AfriNIC, will possibly be going overboard.

>> >>>

>> >>> Responding to my opening question, I believe RIPE and ARIN are not

>> >>> keen on accepting your arguments because they are mundane. This

>> >>> means resource holders should handle this issue, without making it

>> >>> a worry of the RIR.

>> >>>

>> >>> In this regard, AfriNIC should concentrate on handling other more

>> >>> important issues, hence this policy is not relevant.

>> >>>

>> >>>

>> >>> Simply

>> >>>

>> >>> Daniel

>> >>>

>> >>> On 07/06/2021 6:3pm, JORDI PALET MARTINEZ via RPD wrote:

>> >>>> Hi Mimi,
>> >>>>
>> >>>> No, it is not ideological; the legal counsel already confirmed that
>> >>>> being bookkeepers has many other **related** implications, such
>> >>>> as providing a trustable source of accurate data, and this is what
>> >>>> RPKI and AS0 improve.
>> >>>>
>> >>>> The fact that in RIPE it has not been accepted yet is just one more
>> >>>> excuse, if you compare it with the fact that the other TWO RIRs
>> >>>> where it has been submitted (APNIC and LACNIC) accepted it and in
>> >>>> none of those regions there have been any of the excuses and lack
>> >>>> of knowledge about RPKI that we are hearing here. As I’ve
>> >>>> explained already, I don’t think the RIPE chairs' decision was
>> >>>> correct, and we will make sure to resubmit the proposal there
>> >>>> once a consistent appeal process is available, in case chairs
>> >>>> take again a wrong decision. Also, then the experience in APNIC,
>> >>>> LACNIC and AFRINIC will show that those motivations are
>> >>>> ridiculous.
>> >>>>
>> >>>> From time to time it is good that ARIN and RIPE aren’t the leaders,
>> >>>> don’t you think so? It shows that very smart people exist in
>> >>>> other regions as well!
>> >>>>
>> >>>> Once more, sometimes policies in one or the other region fail to
>> >>>> reach consensus, but it happens sooner or later.
>> >>>>
>> >>>> If you have a simple and trustable tool such as RPKI to drop
>> >>>> invalids, you have a better way (if you want) to keep bad actors
>> >>>> from using prefixes that don’t belong to them as they are still in
>> >>>> the hands of AFRINIC. These are just facts. Not ideological, not
>> >>>> opinions or personal view points. So yes, AS0 avoids, if you
>> >>>> operate your network in a consistent way, being faked with
>> >>>> prefixes not allocated/assigned by AFRINIC, and thus helps to
>> >>>> prevent hijacking.
>> >>>>
>> >>>> Regards,
>> >>>>
>> >>>> Jordi
>> >>>>
>> >>>> @jordipalet
>> >>>>
>> >>>> On 7/6/21 18:47, "Mimi dy" <dym5328 at gmail.com> wrote:
>> >>>>
>> >>>> Dear WG,
>> >>>>
>> >>>> I think the issue here is ideological. Many people believe that
>> >>>> RIRs are mere bookkeepers, and it is not in their mandate to
>> >>>> inject data into the routing database. That is the reason why
>> >>>> RIPE did not approve a similar proposal, which I totally agree
>> >>>> with. Moreover, I wanted to react to Jordi’s statement, saying
>> >>>> that these objections are based on practical and technical
>> >>>> matters. There is not only one routing database, there are many,
>> >>>> isn’t it kind of messy? And that is not even the main reason why
>> >>>> I object to this policy.
>> >>>>
>> >>>> From another perspective, since people can adjust and control
>> >>>> their routers, can you specify how this policy can potentially
>> >>>> prevent/reduce hijacking?
>> >>>>
>> >>>> Best.
>> >>>>

>> >>>> _______________________________________________
>> >>>> RPD mailing list
>> >>>> RPD at afrinic.net
>> >>>> https://lists.afrinic.net/mailman/listinfo/rpd


> --

> Mark James ELKINS - Posix Systems - (South) Africa

> mje at posix.co.za Tel: +27.826010496

> For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za

>

> _______________________________________________

> RPD mailing list

> RPD at afrinic.net

> https://lists.afrinic.net/mailman/listinfo/rpd
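
Added example, not part of any message in this thread: a minimal sketch of RFC 6811 route origin validation showing the mechanism the thread debates, in which an AS0 ROA turns every announcement of the covered space "invalid" and a later ROA for the actual holder makes its announcement "valid" again. The effect exists only on networks that drop invalids; all prefixes and AS numbers are documentation values constructed for the illustration.

```python
# Added illustration: RFC 6811 origin validation with an AS0 ROA (RFC 6483).
# All prefixes and AS numbers are documentation values, constructed here.
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class VRP:
    """Validated ROA payload: prefix, max length, authorised origin AS."""
    prefix: str
    max_length: int
    asn: int


def validate(route_prefix, origin_as, vrps):
    """Return 'valid', 'invalid' or 'not-found' for one BGP announcement."""
    route = ip_network(route_prefix)
    covered = False
    for vrp in vrps:
        roa_net = ip_network(vrp.prefix)
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True  # at least one ROA covers this route
        # AS0 is reserved and can never match the origin of a real route.
        if vrp.asn != 0 and vrp.asn == origin_as and route.prefixlen <= vrp.max_length:
            return "valid"
    return "invalid" if covered else "not-found"


def rov_filter(announcements, vrps):
    """Routes a router configured to drop invalids would still accept."""
    return [(p, a) for p, a in announcements if validate(p, a, vrps) != "invalid"]


# Constructed state: 198.51.100.0/24 is still in the RIR's free pool.
RIR_AS0 = VRP("198.51.100.0/24", 24, 0)
# Constructed state after delegation to a member operating AS64500.
MEMBER = VRP("198.51.100.0/24", 24, 64500)

if __name__ == "__main__":
    unauthorised = ("198.51.100.0/24", 64511)
    print("no ROA:          ", validate(*unauthorised, []))
    print("AS0 ROA:         ", validate(*unauthorised, [RIR_AS0]))
    print("holder, AS0 only:", validate("198.51.100.0/24", 64500, [RIR_AS0]))
    print("holder, own ROA: ", validate("198.51.100.0/24", 64500, [RIR_AS0, MEMBER]))
```

The "holder, AS0 only" case is the situation raised in the top reply: space covered by an AS0 ROA with no other matching ROA validates as invalid regardless of who announces it.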

