This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

Hierarchical authorisation failed, request forwarded to maintaine r ???

Previous message (by thread): Hierarchical authorisation failed, request forwarded to maintaine r ???
Next message (by thread): Hierarchical authorisation failed, request forwarded to maintaine r ???

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Daniel Roesen dr at cluenet.de
Mon Oct 14 10:51:15 CEST 2002

On Mon, Oct 14, 2002 at 10:37:37AM +0200, Gert Doering wrote:
> Shane, your explanation is confusing me.  There are other examples with
> "same route, different origin AS" in the RIPE-DB (check 194.97.0.0/16),
> which is sometimes necessary while migrating a network to a new origin
> AS.  

Yes, and this needs authorization from both ASN maintainers. The
usual way is to have ISP2 send an PGP-signed route object to ISP1
which then sends it with his additional PGP signature to RIPE.
Worked several times for us.

> So the database should permit entry of this *new* object, instead of
> checking for modification permission on the *existing* object.

No. Because that allows hijacking under some circumstances.

Regards,
Daniel

Previous message (by thread): Hierarchical authorisation failed, request forwarded to maintaine r ???
Next message (by thread): Hierarchical authorisation failed, request forwarded to maintaine r ???

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ db-wg Archives ]