Petrit Hasani wrote on 31/10/2019 14:28:
> A new RIPE Policy proposal, 2019-08, "RPKI ROAs for Unallocated and
> Unassigned RIPE NCC Address Space" is now available for discussion.

This policy is more relevant to IPv6, because there is lots of
unallocated / unassigned IPv6 address space, and that situation will
continue indefinitely.

Having said that, there's been no evidence produced that IPv6 hijacking
is a problem. IPv6 is not a scarce resource; nor is unallocated /
unassigned space as valuable for hijacking as IPv4.

For IPv4, given the timescales of policy development, the policy (if
accepted) would become active well after the RIPE NCC working IPv4
allocation pool was empty. Also, there's a waiting list policy for new
IPv4 address space, which means that any new IPv4 addresses which become
available are almost certain to be snapped up immediately. So the
benefits of hours to days' worth of invalidation seem small.

In effect, this means that the RIPE NCC would end up creating IPv4 ROAs for:

- the temporary address pool
- the IXP pool
- the /16 held in reserve

and basically nothing else.

From a political point of view, I'm deeply uncomfortable with the idea
of the RIPE NCC setting out to make preemptive declarations of
routability for anything other than holders of resource allocations /
assignments. This is new and precedents like this could weaken the RIPE
NCC's case if it were to argue in court that it was inappropriate for it
to create false ROAs for address blocks.

Overall, the technical value of this proposal is small, and it raises
potentially difficult and awkward questions about precedent. I don't
think that this is a good balance from the point of view of policy
development.

Nick