<div dir="ltr"><div><p class="MsoNormal" style="margin:0cm 0cm 8pt;line-height:107%"><span lang="EN-US" style="line-height:107%"><font face="arial, sans-serif" style="">Hey everyone,</font></span></p><p class="MsoNormal" style="margin:0cm 0cm 8pt;line-height:107%"><span lang="EN-US" style="line-height:107%"><font face="arial, sans-serif" style=""><br></font></span></p>

<p class="MsoNormal" style="margin:0cm 0cm 8pt;line-height:107%"><span lang="EN-US" style="line-height:107%"><font face="arial, sans-serif">I, on the other hand, am having issues with this policy due to the
following reasons :</font></span></p><p class="MsoNormal" style="margin:0cm 0cm 8pt;line-height:107%"><span lang="EN-US" style="line-height:107%"><font face="arial, sans-serif"><br></font></span></p>

<pre style="margin:0cm 19.5pt 0.0001pt 0cm;vertical-align:baseline"><span lang="EN-US" style="color:rgb(21,21,21)"><font face="arial, sans-serif">- It potentially can turn registration error into operation disaster, if Afrinic mistakenly labour one of the member’s ip into their own pool, it has a great chance for end users to lose their connection vs just a wrong registration data.<br style="box-sizing:border-box;outline:none">
- RPKI for unallocated space is rather a global policy issue rather than a regional policy issue, all regions should have the same view on the topic, if only AFRINIC implements it, it will create an operational inconsistency.<br style="box-sizing:border-box;outline:none">
- There is a potential huge risk that will be created if Ernest’s case happens again, AFRINIC’s own staff potentially has the power to rob other members space by “AS0” it.</font></span></pre><pre style="margin:0cm 19.5pt 0.0001pt 0cm;vertical-align:baseline"><span lang="EN-US" style="color:rgb(21,21,21)"><font face="arial, sans-serif"> </font></span></pre><pre style="margin:0cm 19.5pt 0.0001pt 0cm;vertical-align:baseline"><span lang="EN-US" style="color:rgb(21,21,21)"><font face="arial, sans-serif">Regards,</font></span></pre><pre style="margin:0cm 19.5pt 0.0001pt 0cm;vertical-align:baseline"><span lang="EN-US" style="color:rgb(21,21,21)"><font face="arial, sans-serif"> </font></span></pre><pre style="margin:0cm 19.5pt 0.0001pt 0cm;vertical-align:baseline"><span lang="EN-US" style="color:rgb(21,21,21)"><font face="arial, sans-serif" style="">Lamiaa</font></span></pre></div><div><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div><br></div></div></div></div></div></div></div></div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Le jeu. 17 sept. 2020 à 09:04, Mark Elkins <<a href="mailto:mje@posix.co.za">mje@posix.co.za</a>> a écrit :<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
  
    
  
  <div>
    <p>I support the RPKI ROA policy as written. I understand the
      technical aspects of the policy. I have a feeling that those
      objecting may not completely understand the technical aspects
      which is why they are objecting.</p>
    <p>AFRINIC's job is to properly document the resources they have
      been provided by ICANN/IANA and this is simply part of the job.
      When new resources are provided to AFRINIC, they label it as such
      (AS0, etc). When it is then allocated/assigned to a member, the
      AS0 RPKI is removed. All this means is that the
      unallocated/unassigned resources that are with AFRINIC can be
      (optionally) identified as such and thus can not be easily misused
      by bad actors. This also means that when they are
      allocated/assigned to members, they are less lightly to have been
      made "dirty".<br>
    </p>
    <div>On 2020/09/17 08:26, Ibeanusi Elvis
      wrote:<br>
    </div>
    <blockquote type="cite">
      
      <div dir="ltr">Dear all, 
        <div><br>
        </div>
        <div>The AFRINIC as an organization specifically focuses on the
          registration database and thereby having knowledge of where
          the prefix belongs to and AFRINIC should just focus on this
          role and should not engage in authenticating or the
          authorization of various services. If such rights are given to
          any organization, they have the right to assign prefixes to
          servers hence, having control of the routing database at which
          a technical or human error will lead to an immense catastrophe
          to the internet society. This control is basically the
          specific definition of centralization. This centralization is
          the major reason why most providers do not trust the Resource
          Public Key Infrastructure (RPKI). I am still in opposition to
          this policy proposal. </div>
        <div><br>
        </div>
        <div>Elvis. </div>
      </div>
      <br>
      <div class="gmail_quote">
        <div dir="ltr" class="gmail_attr">On Thu, Sep 17, 2020 at 3:01
          PM Darwin Costa <<a href="mailto:dc@darwincosta.com" target="_blank">dc@darwincosta.com</a>> wrote:<br>
        </div>
        <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
          <div>Cmon folks….!
            <div><br>
            </div>
            <div>@Elvis, I really don’t see your point here and also
              don’t really understand why are you opposing against this
              proposal.</div>
            <div><br>
            </div>
            <div>As mentioned further on the thread - RPKI won’t change
              Afrnic´s role at all…. Instead this proposal will
              certainly contribute to a more secure routing
              advertisement.</div>
            <div><br>
            </div>
            <div>As such, other RIR´s have successfully implemented this
              in order to protect our garden so called “The Internet”.</div>
            <div><br>
            </div>
            <div>Darwin-.</div>
            <div><br>
            </div>
            <div><br>
              <div><br>
                <blockquote type="cite">
                  <div>On 17 Sep 2020, at 05:42, Fernando Frediani <<a href="mailto:fhfrediani@gmail.com" target="_blank">fhfrediani@gmail.com</a>>
                    wrote:</div>
                  <br>
                  <div>
                    <div>
                      <p>I think there is a serious issue by some people
                        totally misunderstanding what RPKI actually is.</p>
                      <p>Some arguments saying something like 'Afrinic
                        will centralize control of the internet and
                        should not have such power' don't have relation
                        to what what this proposal intends and the
                        reasons to oppose it are not tied to real
                        possible problems pointed.<br>
                      </p>
                      <p>This proposal only follows what have been done
                        in APNIC and LACNIC and is a natural move to
                        make an internet more secure and avoid
                        organizations to use space that is not assigned
                        to anyone else.<br>
                        Therefore I support this proposal.</p>
                      <p>Fernando<br>
                      </p>
                      <div>On 16/09/2020 20:42, Noah wrote:<br>
                      </div>
                      <blockquote type="cite">
                        <div dir="ltr">
                          <div dir="ltr">
                            <div>
                              <div dir="ltr">
                                <div dir="ltr">
                                  <div>
                                    <div dir="ltr">
                                      <div>
                                        <div dir="ltr">
                                          <div><br>
                                          </div>
                                        </div>
                                      </div>
                                    </div>
                                  </div>
                                </div>
                              </div>
                            </div>
                          </div>
                          <div class="gmail_quote">
                            <div dir="ltr" class="gmail_attr">On Thu,
                              Sep 17, 2020 at 2:30 AM Ibeanusi Elvis
                              <<a href="mailto:ibeanusielvis@gmail.com" target="_blank">ibeanusielvis@gmail.com</a>>
                              wrote:<br>
                            </div>
                            <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
                              <div dir="ltr">
                                <div><br>
                                </div>
                                <div>I am strongly in opposition to this
                                  RPKI ROA proposal,</div>
                              </div>
                            </blockquote>
                            <div><br>
                            </div>
                            <div>You oppose yet....</div>
                            <div> </div>
                            <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
                              <div dir="ltr">
                                <div> issuing an AS0 for AFRINIC address
                                  space </div>
                              </div>
                            </blockquote>
                            <div><br>
                            </div>
                            <div>You must be clear on which AFRINIC
                              address space rather than presenting a
                              rather vague statement. </div>
                            <div><br>
                            </div>
                            <div>The proposal is very clear and explicit
                              and the AFRINIC space in question is that
                              which has not yet been allocated or
                              assigned to any entity or resource member.</div>
                            <div><br>
                            </div>
                            <div>I will quote for you section 2.0 of the
                              proposal as written below;</div>
                            <div><br>
                            </div>
                            <div><b>2.0 Summary of how this proposal
                                addresses the problem</b></div>
                            <div><b><br>
                              </b>This proposal instructs AFRINIC to
                              create ROAs for all <b>unallocated and
                                unassigned address space under its
                                control.</b> This will enable networks
                              performing RPKI-based BGP Origin
                              Validation to easily reject all the bogon
                              announcements covering resources managed
                              by AFRINIC.<br>
                            </div>
                            <div><br>
                            </div>
                            <div>So what are you talking about?</div>
                            <div><br>
                            </div>
                            <div>Noah </div>
                            <div> </div>
                          </div>
                        </div>
                        <br>
                        <fieldset></fieldset>
                        <pre>_______________________________________________
RPD mailing list
<a href="mailto:RPD@afrinic.net" target="_blank">RPD@afrinic.net</a>
<a href="https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.afrinic.net%2Fmailman%2Flistinfo%2Frpd&data=02%7C01%7C%7Ca48324a7026842948aff08d85abbfbd8%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637359110720490840&sdata=mOjgUTIarKfPnsD2h0TtixnR51E4wzIwqoo6rONHW%2FI%3D&reserved=0" target="_blank">https://lists.afrinic.net/mailman/listinfo/rpd</a>
</pre>
                      </blockquote>
                    </div>
                    _______________________________________________<br>
                    RPD mailing list<br>
                    <a href="mailto:RPD@afrinic.net" target="_blank">RPD@afrinic.net</a><br>
                    <a href="https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.afrinic.net%2Fmailman%2Flistinfo%2Frpd&amp;data=02%7C01%7C%7Ca48324a7026842948aff08d85abbfbd8%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637359110720510827&amp;sdata=jlnsXCK7dATX4Jcg48%2BhurUnj1E5umTa2RZq7IMsb%2Fs%3D&amp;reserved=0" target="_blank">https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.afrinic.net%2Fmailman%2Flistinfo%2Frpd&amp;data=02%7C01%7C%7Ca48324a7026842948aff08d85abbfbd8%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637359110720510827&amp;sdata=jlnsXCK7dATX4Jcg48%2BhurUnj1E5umTa2RZq7IMsb%2Fs%3D&amp;reserved=0</a><br>
                  </div>
                </blockquote>
              </div>
              <br>
            </div>
          </div>
          _______________________________________________<br>
          RPD mailing list<br>
          <a href="mailto:RPD@afrinic.net" target="_blank">RPD@afrinic.net</a><br>
          <a href="https://lists.afrinic.net/mailman/listinfo/rpd" rel="noreferrer" target="_blank">https://lists.afrinic.net/mailman/listinfo/rpd</a><br>
        </blockquote>
      </div>
      <br>
      <fieldset></fieldset>
      <pre>_______________________________________________
RPD mailing list
<a href="mailto:RPD@afrinic.net" target="_blank">RPD@afrinic.net</a>
<a href="https://lists.afrinic.net/mailman/listinfo/rpd" target="_blank">https://lists.afrinic.net/mailman/listinfo/rpd</a>
</pre>
    </blockquote>
    <div>-- <br>
      
      
      <p>Mark James ELKINS  -  Posix Systems - (South) Africa<br>
        <a href="mailto:mje@posix.co.za" target="_blank">mje@posix.co.za</a>       Tel: <a href="tel:+27826010496" target="_blank">+27.826010496</a><br>
        For fast, reliable, low cost Internet in ZA: <a href="https://ftth.posix.co.za" target="_blank">https://ftth.posix.co.za</a><br>
        <br>
        <img src="cid:1749b421fa2a1b100691" alt="Posix
          Systems" width="250" height="165"><img src="cid:1749b421fa2536060ae2" alt="VCARD for
          MJ Elkins" title="VCARD, Scan me please!" width="164" height="164"><br>
      </p>
    </div>
  </div>

_______________________________________________<br>
RPD mailing list<br>
<a href="mailto:RPD@afrinic.net" target="_blank">RPD@afrinic.net</a><br>
<a href="https://lists.afrinic.net/mailman/listinfo/rpd" rel="noreferrer" target="_blank">https://lists.afrinic.net/mailman/listinfo/rpd</a><br>
</blockquote></div>