<div dir="ltr"><div>Hi Daniel,<br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, 8 Jun 2021 at 00:55, Daniel Yakmut via RPD <<a href="mailto:rpd@afrinic.net">rpd@afrinic.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto">Hi,<div dir="auto"><br></div><div dir="auto">Are you postulating here that Resources not allocated are susceptible to hijack?</div></div></blockquote><div><br></div><div>Yes we are.</div><div> <br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto"><div dir="auto"><br></div><div dir="auto">My other understanding is an RIR is a resource dispenser.</div></div></blockquote><div><br></div><div>Yes that is true. So they are also the only ones that can say "we have not dispensed these addresses yet". That is the purpose of ROAs, just to say, we have not dispensed this yet. <br></div><div><br></div><div>Regards</div><div><br></div><div>John</div><div><br></div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto"><div dir="auto"><br></div><div dir="auto">Simply</div><div dir="auto">Daniel</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Jun 7, 2021, 11:30 PM Fernando Frediani <<a href="mailto:fhfrediani@gmail.com" target="_blank">fhfrediani@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<p>AfriNic (or any other RIR) is the resource holder for IP space
that IANA has allocated to it. So who else could secure that space
until it is assigned to an organization issuing ROAs if not the
current resource holder ?</p>
<p>Must we have a policy accepted by either RIPE or ARIN first in
order to accept it in AfriNic afterwards ?<br>
This is not a worry to the RIR, it is actually an additional
guarantee that no one else will try to make usage of IP space
under its responsability.<br>
</p>
<p>Fernando<br>
</p>
<div>On 07/06/2021 19:14, Daniel Yakmut via
RPD wrote:<br>
</div>
<blockquote type="cite">
<p>Dear Jordi, <br>
</p>
<p>Just out of curiosity why has RIPE and ARIN refused to adopt
the RPKI ROA and make it their responsibility that it is used by
resource holder?. I will agree that RPKI ROA is a good tool to
secure BGP routing, however I don't see as the responsibility of
an RIR to implement it.</p>
<p>My strong opinion is that any resource holder should be
responsible for securing its resources and if RPKI ROA is the
best way to prevent hijack, then it will enjoy patronage. Making
it a job of AfriNIC, will possibly be going over board.</p>
<p>Responding to my opening question, I believe RIPE and ARIN are
not keen on accepting your arguments because they are mundane.
This means resource holders should handle this issue, without
making it a worry of the RIR.</p>
<p>In this regard, AfriNIC should concentrate on handling other
more important issues, hence this policy is not relevant.</p>
<p><br>
</p>
<p>Simply</p>
<p>Daniel<br>
</p>
<div>On 07/06/2021 6:3pm, JORDI PALET
MARTINEZ via RPD wrote:<br>
</div>
<blockquote type="cite">
<div>
<p class="MsoNormal"><span style="font-size:12pt" lang="ES-TRAD">Ni Mimi,<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:12pt" lang="ES-TRAD"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:12pt" lang="EN-US">No, is not ideological, the legal counsel
already confirmed the being bookkeepers has many other *<b>related</b>*
implications, such as provide a trustable source of
accurate data, and this is what RPKI and AS0 improve.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:12pt" lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:12pt" lang="EN-US">The fact that in RIPE has not been accepted
yet is just one more excuse, if you compare it with the
fact that the other TWO RIRs where it has been submitted
(APNIC and LACNIC) accepted it and in none of those
regions there have been any of the excuses and lack of
knowledge about RPKI that we are hearing here. As I’ve
explained already, I don’t think the RIPE chairs decision
was correct, and we will make sure to resubmit the
proposal there once a consistent appeal process is
available, in case chairs take again a wrong decision.
Also, then the experience in APNIC, LACNIC and AFRINIC
will show that those motivations are ridiculous.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:12pt" lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:12pt" lang="EN-US">From time to time is good that ARIN and RIPE
aren’t the leaders, you don’t think so? It shows that very
smart people exist in other regions as well!<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:12pt" lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:12pt" lang="EN-US">Once more, sometimes policies in one or the
other region fail to reach consensus, but it happens
sooner or later.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:12pt" lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:12pt" lang="EN-US">If you have a simple and trustable tool such
as RPKI to drop invalids, you have a better way (if you
want) to avoid bad actors to use prefixes that don’t
belong to them as they are still on the hands of AFRINIC.
This is just facts. Not ideological, not opinions or
personal view points. So yes, AS0 avoids, if you operate
your network in a consistent way, to be faked with
prefixes not allocated/assigned by AFRINIC, and thus helps
to prevent hijacking.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:12pt" lang="EN-US"><u></u> <u></u></span></p>
<div>
<p class="MsoNormal"><span style="font-size:12pt;color:black" lang="EN-US">Regards,<u></u><u></u></span></p>
<p class="MsoNormal" style="margin-bottom:12pt"><span style="font-size:12pt;color:black" lang="ES-TRAD">Jordi<u></u><u></u></span></p>
<p class="MsoNormal" style="margin-bottom:12pt"><span style="font-size:12pt;color:black" lang="ES-TRAD">@jordipalet<u></u><u></u></span></p>
<p class="MsoNormal" style="margin-bottom:12pt"><span style="font-size:12pt;color:black" lang="ES-TRAD"><u></u> <u></u></span></p>
</div>
<p class="MsoNormal"><span style="font-size:12pt" lang="ES-TRAD"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:12pt" lang="ES-TRAD"><u></u> <u></u></span></p>
<div>
<div>
<p class="MsoNormal" style="margin-left:35.4pt">El 7/6/21
18:47, "Mimi dy" <<a href="mailto:dym5328@gmail.com" rel="noreferrer" target="_blank">dym5328@gmail.com</a>>
escribió:<u></u><u></u></p>
</div>
</div>
<div>
<p class="MsoNormal" style="margin-left:35.4pt"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-right:0cm;margin-bottom:8pt;margin-left:35.4pt;line-height:106%"><span lang="EN-IN">Dear WG,</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-right:0cm;margin-bottom:8pt;margin-left:35.4pt;line-height:106%"><span lang="EN-IN"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-right:0cm;margin-bottom:8pt;margin-left:35.4pt;line-height:106%"><span lang="EN-IN">I think the issue here is ideological. Many
people believe that RIRs are mere bookkeepers, and it is
not in their mandate to inject data into the routing
database. That is the reason why RIPE did not approve a
similar proposal, which I totally agree with. Moreover,
I wanted to react to Jordi’s statement, saying that
these objections are based on practical and technical
matters. There is not only one routing database, there
are many, isn’t it kind of messy? And that is not even
the main reason why I object to this policy. </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-right:0cm;margin-bottom:8pt;margin-left:35.4pt;line-height:106%"><span lang="EN-IN">From another perspective, since people can
adjust and control their routers, can you precise how
this policy can potentially prevent/ reduce hijacking?</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-right:0cm;margin-bottom:8pt;margin-left:35.4pt;line-height:106%"><span lang="EN-IN"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-right:0cm;margin-bottom:8pt;margin-left:35.4pt;line-height:106%"><span lang="EN-IN">Best.</span><u></u><u></u></p>
</div>
<p class="MsoNormal" style="margin-left:35.4pt">_______________________________________________
RPD mailing list <a href="mailto:RPD@afrinic.net" rel="noreferrer" target="_blank">RPD@afrinic.net</a>
<a href="https://lists.afrinic.net/mailman/listinfo/rpd" rel="noreferrer" target="_blank">https://lists.afrinic.net/mailman/listinfo/rpd</a>
<u></u><u></u></p>
</div>
<br>
**********************************************<br>
IPv4 is over<br>
Are you ready for the new Internet ?<br>
<a href="http://www.theipv6company.com" rel="noreferrer" target="_blank">http://www.theipv6company.com</a><br>
The IPv6 Company<br>
<br>
This electronic message contains information which may be
privileged or confidential. The information is intended to be
for the exclusive use of the individual(s) named above and
further non-explicilty authorized disclosure, copying,
distribution or use of the contents of this information, even if
partially, including attached files, is strictly prohibited and
will be considered a criminal offense. If you are not the
intended recipient be aware that any disclosure, copying,
distribution or use of the contents of this information, even if
partially, including attached files, is strictly prohibited,
will be considered a criminal offense, so you must reply to the
original sender to inform about this communication and delete
it.<br>
<br>
<br>
<fieldset></fieldset>
<pre>_______________________________________________
RPD mailing list
<a href="mailto:RPD@afrinic.net" rel="noreferrer" target="_blank">RPD@afrinic.net</a>
<a href="https://lists.afrinic.net/mailman/listinfo/rpd" rel="noreferrer" target="_blank">https://lists.afrinic.net/mailman/listinfo/rpd</a>
</pre>
</blockquote>
<br>
<fieldset></fieldset>
<pre>_______________________________________________
RPD mailing list
<a href="mailto:RPD@afrinic.net" rel="noreferrer" target="_blank">RPD@afrinic.net</a>
<a href="https://lists.afrinic.net/mailman/listinfo/rpd" rel="noreferrer" target="_blank">https://lists.afrinic.net/mailman/listinfo/rpd</a>
</pre>
</blockquote>
</div>
_______________________________________________<br>
RPD mailing list<br>
<a href="mailto:RPD@afrinic.net" rel="noreferrer" target="_blank">RPD@afrinic.net</a><br>
<a href="https://lists.afrinic.net/mailman/listinfo/rpd" rel="noreferrer noreferrer" target="_blank">https://lists.afrinic.net/mailman/listinfo/rpd</a><br>
</blockquote></div>
_______________________________________________<br>
RPD mailing list<br>
<a href="mailto:RPD@afrinic.net" target="_blank">RPD@afrinic.net</a><br>
<a href="https://lists.afrinic.net/mailman/listinfo/rpd" rel="noreferrer" target="_blank">https://lists.afrinic.net/mailman/listinfo/rpd</a><br>
</blockquote></div></div>