<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><br class=""><div><br class=""><blockquote type="cite" class=""><div class="">On Sep 17, 2020, at 1:55 AM, Lamiaa Chnayti <<a href="mailto:lamiaachnayti@gmail.com" class="">lamiaachnayti@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class=""><div class=""><p class="MsoNormal" style="margin:0cm 0cm 8pt;line-height:107%"><span lang="EN-US" style="line-height:107%" class=""><font face="arial, sans-serif" style="" class="">Hey everyone,</font></span></p><p class="MsoNormal" style="margin:0cm 0cm 8pt;line-height:107%"><span lang="EN-US" style="line-height:107%" class=""><font face="arial, sans-serif" style="" class=""><br class=""></font></span></p><p class="MsoNormal" style="margin:0cm 0cm 8pt;line-height:107%"><span lang="EN-US" style="line-height:107%" class=""><font face="arial, sans-serif" class="">I, on the other hand, am having issues with this policy due to the
following reasons :</font></span></p><p class="MsoNormal" style="margin:0cm 0cm 8pt;line-height:107%"><span lang="EN-US" style="line-height:107%" class=""><font face="arial, sans-serif" class=""><br class=""></font></span></p>
<pre style="margin:0cm 19.5pt 0.0001pt 0cm;vertical-align:baseline" class=""><span lang="EN-US" style="color:rgb(21,21,21)" class=""><font face="arial, sans-serif" class="">- It potentially can turn registration error into operation disaster, if Afrinic mistakenly labour one of the member’s ip into their own pool, it has a great chance for end users to lose their connection vs just a wrong registration data.<br style="box-sizing:border-box;outline:none" class=""></font></span></pre></div></div></div></blockquote><div><br class=""></div>That’s true with the existing ROA structure also. With any BGP related tool, there is the potential for an error to cause a problem in connectivity.</div><div><br class=""></div><div>It’s true of the IRR as well.</div><div><br class=""></div><div>The likelihood of an incorrect AS0 ROA being issued is very small. Further, providers are free to ignore any or all AS0 ROAs even if they implement RPKI in other respects.</div><div><br class=""></div><div>AFRINIC publishing the same information about their free pool in this mechanism vs. any other does not change the potential for error.</div><div><br class=""></div><div>Further, technically any entity could track AFRINIC’s unallocated resources relatively easily and produce their own AS0 feed. This would be far more dangerous if ISPs started subscribing to it as an alternative to AFRINIC. This objection has been repeated many times and has been debunked each and every time.</div><div><br class=""></div><div><blockquote type="cite" class=""><div class=""><div dir="ltr" class=""><div class=""><pre style="margin:0cm 19.5pt 0.0001pt 0cm;vertical-align:baseline" class=""><span lang="EN-US" style="color:rgb(21,21,21)" class=""><font face="arial, sans-serif" class="">- RPKI for unallocated space is rather a global policy issue rather than a regional policy issue, all regions should have the same view on the topic, if only AFRINIC implements it, it will create an operational inconsistency.<br style="box-sizing:border-box;outline:none" class=""></font></span></pre></div></div></div></blockquote><div><br class=""></div>APNIC and LACNIC have already passed nearly identical policy to this… That’s 40% of the RIRs in the world. APNIC has already implemented it and is already publishing AS0 ROAs without incident.</div><div><br class=""><blockquote type="cite" class=""><div class=""><div dir="ltr" class=""><div class=""><pre style="margin:0cm 19.5pt 0.0001pt 0cm;vertical-align:baseline" class=""><span lang="EN-US" style="color:rgb(21,21,21)" class=""><font face="arial, sans-serif" class="">- There is a potential huge risk that will be created if Ernest’s case happens again, AFRINIC’s own staff potentially has the power to rob other members space by “AS0” it.</font></span></pre></div></div></div></blockquote><div><br class=""></div>This is simply not true. Quite the opposite, in fact, in that AS0 ROAs properly implemented could serve as a tool to safeguard against another Ernest case.</div><div><br class=""></div><div>Owen</div><div><br class=""><blockquote type="cite" class=""><div class=""><div dir="ltr" class=""><div class=""><pre style="margin:0cm 19.5pt 0.0001pt 0cm;vertical-align:baseline" class=""><span lang="EN-US" style="color:rgb(21,21,21)" class=""><font face="arial, sans-serif" class="">Regards,</font></span></pre><pre style="margin:0cm 19.5pt 0.0001pt 0cm;vertical-align:baseline" class=""><span lang="EN-US" style="color:rgb(21,21,21)" class=""><font face="arial, sans-serif" class=""> </font></span></pre><pre style="margin:0cm 19.5pt 0.0001pt 0cm;vertical-align:baseline" class=""><span lang="EN-US" style="color:rgb(21,21,21)" class=""><font face="arial, sans-serif" style="" class="">Lamiaa</font></span></pre></div><div class=""><div class=""><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr" class=""><div dir="ltr" class=""><div dir="ltr" class=""><div dir="ltr" class=""><div dir="ltr" class=""><div class=""><br class=""></div></div></div></div></div></div></div></div><br class=""></div></div><br class=""><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Le jeu. 17 sept. 2020 à 09:04, Mark Elkins <<a href="mailto:mje@posix.co.za" class="">mje@posix.co.za</a>> a écrit :<br class=""></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div class=""><p class="">I support the RPKI ROA policy as written. I understand the
technical aspects of the policy. I have a feeling that those
objecting may not completely understand the technical aspects
which is why they are objecting.</p><p class="">AFRINIC's job is to properly document the resources they have
been provided by ICANN/IANA and this is simply part of the job.
When new resources are provided to AFRINIC, they label it as such
(AS0, etc). When it is then allocated/assigned to a member, the
AS0 RPKI is removed. All this means is that the
unallocated/unassigned resources that are with AFRINIC can be
(optionally) identified as such and thus can not be easily misused
by bad actors. This also means that when they are
allocated/assigned to members, they are less lightly to have been
made "dirty".<br class="">
</p>
<div class="">On 2020/09/17 08:26, Ibeanusi Elvis
wrote:<br class="">
</div>
<blockquote type="cite" class="">
<div dir="ltr" class="">Dear all,
<div class=""><br class="">
</div>
<div class="">The AFRINIC as an organization specifically focuses on the
registration database and thereby having knowledge of where
the prefix belongs to and AFRINIC should just focus on this
role and should not engage in authenticating or the
authorization of various services. If such rights are given to
any organization, they have the right to assign prefixes to
servers hence, having control of the routing database at which
a technical or human error will lead to an immense catastrophe
to the internet society. This control is basically the
specific definition of centralization. This centralization is
the major reason why most providers do not trust the Resource
Public Key Infrastructure (RPKI). I am still in opposition to
this policy proposal. </div>
<div class=""><br class="">
</div>
<div class="">Elvis. </div>
</div>
<br class="">
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Thu, Sep 17, 2020 at 3:01
PM Darwin Costa <<a href="mailto:dc@darwincosta.com" target="_blank" class="">dc@darwincosta.com</a>> wrote:<br class="">
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div class="">Cmon folks….!
<div class=""><br class="">
</div>
<div class="">@Elvis, I really don’t see your point here and also
don’t really understand why are you opposing against this
proposal.</div>
<div class=""><br class="">
</div>
<div class="">As mentioned further on the thread - RPKI won’t change
Afrnic´s role at all…. Instead this proposal will
certainly contribute to a more secure routing
advertisement.</div>
<div class=""><br class="">
</div>
<div class="">As such, other RIR´s have successfully implemented this
in order to protect our garden so called “The Internet”.</div>
<div class=""><br class="">
</div>
<div class="">Darwin-.</div>
<div class=""><br class="">
</div>
<div class=""><br class="">
<div class=""><br class="">
<blockquote type="cite" class="">
<div class="">On 17 Sep 2020, at 05:42, Fernando Frediani <<a href="mailto:fhfrediani@gmail.com" target="_blank" class="">fhfrediani@gmail.com</a>>
wrote:</div>
<br class="">
<div class="">
<div class=""><p class="">I think there is a serious issue by some people
totally misunderstanding what RPKI actually is.</p><p class="">Some arguments saying something like 'Afrinic
will centralize control of the internet and
should not have such power' don't have relation
to what what this proposal intends and the
reasons to oppose it are not tied to real
possible problems pointed.<br class="">
</p><p class="">This proposal only follows what have been done
in APNIC and LACNIC and is a natural move to
make an internet more secure and avoid
organizations to use space that is not assigned
to anyone else.<br class="">
Therefore I support this proposal.</p><p class="">Fernando<br class="">
</p>
<div class="">On 16/09/2020 20:42, Noah wrote:<br class="">
</div>
<blockquote type="cite" class="">
<div dir="ltr" class="">
<div dir="ltr" class="">
<div class="">
<div dir="ltr" class="">
<div dir="ltr" class="">
<div class="">
<div dir="ltr" class="">
<div class="">
<div dir="ltr" class="">
<div class=""><br class="">
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Thu,
Sep 17, 2020 at 2:30 AM Ibeanusi Elvis
<<a href="mailto:ibeanusielvis@gmail.com" target="_blank" class="">ibeanusielvis@gmail.com</a>>
wrote:<br class="">
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="ltr" class="">
<div class=""><br class="">
</div>
<div class="">I am strongly in opposition to this
RPKI ROA proposal,</div>
</div>
</blockquote>
<div class=""><br class="">
</div>
<div class="">You oppose yet....</div>
<div class=""> </div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="ltr" class="">
<div class=""> issuing an AS0 for AFRINIC address
space </div>
</div>
</blockquote>
<div class=""><br class="">
</div>
<div class="">You must be clear on which AFRINIC
address space rather than presenting a
rather vague statement. </div>
<div class=""><br class="">
</div>
<div class="">The proposal is very clear and explicit
and the AFRINIC space in question is that
which has not yet been allocated or
assigned to any entity or resource member.</div>
<div class=""><br class="">
</div>
<div class="">I will quote for you section 2.0 of the
proposal as written below;</div>
<div class=""><br class="">
</div>
<div class=""><b class="">2.0 Summary of how this proposal
addresses the problem</b></div>
<div class=""><b class=""><br class="">
</b>This proposal instructs AFRINIC to
create ROAs for all <b class="">unallocated and
unassigned address space under its
control.</b> This will enable networks
performing RPKI-based BGP Origin
Validation to easily reject all the bogon
announcements covering resources managed
by AFRINIC.<br class="">
</div>
<div class=""><br class="">
</div>
<div class="">So what are you talking about?</div>
<div class=""><br class="">
</div>
<div class="">Noah </div>
<div class=""> </div>
</div>
</div>
<br class="">
<fieldset class=""></fieldset>
<pre class="">_______________________________________________
RPD mailing list
<a href="mailto:RPD@afrinic.net" target="_blank" class="">RPD@afrinic.net</a>
<a href="https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.afrinic.net%2Fmailman%2Flistinfo%2Frpd&data=02%7C01%7C%7Ca48324a7026842948aff08d85abbfbd8%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637359110720490840&sdata=mOjgUTIarKfPnsD2h0TtixnR51E4wzIwqoo6rONHW%2FI%3D&reserved=0" target="_blank" class="">https://lists.afrinic.net/mailman/listinfo/rpd</a>
</pre>
</blockquote>
</div>
_______________________________________________<br class="">
RPD mailing list<br class="">
<a href="mailto:RPD@afrinic.net" target="_blank" class="">RPD@afrinic.net</a><br class="">
<a href="https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.afrinic.net%2Fmailman%2Flistinfo%2Frpd&data=02%7C01%7C%7Ca48324a7026842948aff08d85abbfbd8%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637359110720510827&sdata=jlnsXCK7dATX4Jcg48%2BhurUnj1E5umTa2RZq7IMsb%2Fs%3D&reserved=0" target="_blank" class="">https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.afrinic.net%2Fmailman%2Flistinfo%2Frpd&data=02%7C01%7C%7Ca48324a7026842948aff08d85abbfbd8%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637359110720510827&sdata=jlnsXCK7dATX4Jcg48%2BhurUnj1E5umTa2RZq7IMsb%2Fs%3D&reserved=0</a><br class="">
</div>
</blockquote>
</div>
<br class="">
</div>
</div>
_______________________________________________<br class="">
RPD mailing list<br class="">
<a href="mailto:RPD@afrinic.net" target="_blank" class="">RPD@afrinic.net</a><br class="">
<a href="https://lists.afrinic.net/mailman/listinfo/rpd" rel="noreferrer" target="_blank" class="">https://lists.afrinic.net/mailman/listinfo/rpd</a><br class="">
</blockquote>
</div>
<br class="">
<fieldset class=""></fieldset>
<pre class="">_______________________________________________
RPD mailing list
<a href="mailto:RPD@afrinic.net" target="_blank" class="">RPD@afrinic.net</a>
<a href="https://lists.afrinic.net/mailman/listinfo/rpd" target="_blank" class="">https://lists.afrinic.net/mailman/listinfo/rpd</a>
</pre>
</blockquote>
<div class="">-- <br class=""><p class="">Mark James ELKINS - Posix Systems - (South) Africa<br class="">
<a href="mailto:mje@posix.co.za" target="_blank" class="">mje@posix.co.za</a> Tel: <a href="tel:+27826010496" target="_blank" class="">+27.826010496</a><br class="">
For fast, reliable, low cost Internet in ZA: <a href="https://ftth.posix.co.za/" target="_blank" class="">https://ftth.posix.co.za</a><br class="">
<br class="">
<span id="cid:1749b421fa2a1b100691"><abessive_logo.jpg></span><span id="cid:1749b421fa2536060ae2"><QR-MJElkins.png></span><br class="">
</p>
</div>
</div>
_______________________________________________<br class="">
RPD mailing list<br class="">
<a href="mailto:RPD@afrinic.net" target="_blank" class="">RPD@afrinic.net</a><br class="">
<a href="https://lists.afrinic.net/mailman/listinfo/rpd" rel="noreferrer" target="_blank" class="">https://lists.afrinic.net/mailman/listinfo/rpd</a><br class="">
</blockquote></div>
_______________________________________________<br class="">RPD mailing list<br class=""><a href="mailto:RPD@afrinic.net" class="">RPD@afrinic.net</a><br class="">https://lists.afrinic.net/mailman/listinfo/rpd<br class=""></div></blockquote></div><br class=""></body></html>