[rpd] Last Call - RPKI ROAs for Unallocated and Unassigned AFRINIC Address Space AFPUB-2019-GEN-006-DRAFT03.
owen at delong.com
Thu Jul 22 05:41:24 UTC 2021
> On Jun 8, 2021, at 08:56 , JORDI PALET MARTINEZ via RPD <rpd at afrinic.net> wrote:
> Hi Job, all,
> And the ROAs come from? All is the same source of information one way or the other.
Sure, but source isn’t the only issue here.
There is a company in the US called “FMC”. They make combine harvesters and tanks (among a variety of other products).
I would argue that while they come from the same source, a combine harvester (a large complicated machine that is used for harvesting crops) is significantly different from a battle tank in terms of the danger it poses.
While getting caught in a combine as an individual is almost certainly fatal, it can only occur at melee range and is unlikely to affect more than one person at a time. OTOH, a battle tank is designed to do maximum damage to relatively large groups of people, structures, other tanks, and just about anything you can imagine at significant range. Both come from the same source, but the amount of devastation one can commit varies greatly between the two items.
It is the same with WHOIS and IRR route objects vs. RPKI. Nobody’s router automatically consumes WHOIS or IRR data directly to make decisions about which routes to accept or not in real time.
OTOH, RPKI AS0 ROAs do give the RIR a loaded howitzer that can be used to kill routes in real production networks on a relatively massive scale.
If the RIR implements good safeguards, displays a high level of competence, and consistently acts in a manner consistent with its policies and governing documents, then handing the RIR that weapon is probably OK. This is the case in most RIRs, frankly.
OTOH, AFRINIC has consistently shown a lesser degree of competence than other RIRs, has consistently violated its own policies and governing documents and recently even gone to the extent of violating a court order to the point of facing possible criminal charges for contempt of court.
> As I said before, the RPD list is not for training and that means that you don't need to explain all the details when discussing a policy proposal. It is up to the participants to make sure they understand all those details.
I think that calling Job ignorant of the details here takes quite a bit of hubris. IMHO, he brings a legitimate objection.
> Presuming that unallocated/unassigned AFRINIC space has not been used for bad things (if that's the case, staff could confirm), doesn't guarantee that it will not happen. It may happen less and less with IPv4, but the IPv6 space is much bigger.
The problem is that the policy as written does not limit AS0 ROAs to unallocated/unassigned space sufficiently. It does not preclude the definition of unallocated/unassigned being expanded to “space AFRINIC has decided it has a right to reclaim” regardless of whether that right materially exists or not.
I would not have made this argument until recently, but when AFRINIC chose to deliberately violate a court order to maximize the effects of its unwarranted and vindictive acts, that was a clear demonstration that this organization is not a responsible party that should be handed a loaded howitzer to go play on the internet with.