[db-wg] source: field for non RIPE address space

On Fri, Nov 14, 2014 at 11:15:22AM +0000, Nick Hilliard wrote:

Hi

> There's been a bit of media panic recently about registration of non RIPE
> address space in the RIPE IRRDB, e.g.
> 
> > http://krebsonsecurity.com/2014/11/network-hijackers-exploit-technical-loophole
> 
> The premise is that if you can register a prefix in a routing registry,
> this will give you the ability to inject a prefix into the DFZ.
> 
> We'll ignore the fact that what you actually need to inject a prefix into
> the DFZ is a complicit transit provider and that most transit providers
> don't use the IRRDBs for bgp leaf filtering anyway, and even if they did,
> there are plenty of other IRRDBs where this information can be registered.
> 
> But that aside, some organisations use IRRDB information extensively,
> particularly IXPs running route servers.  Many of these organisations
> filter on source: because of the amount of trash in alternative IRRDBs.
> 
> So, could the RIPE NCC database people consider using a different source:
> value for non RIPE address space, so that it would be possible for irrdb
> users to easily filter out authoritative data from non authoritative data?
> 
> E.g. 185.6.36.0/22 might continue to have "source: RIPE", but a prefix like
> "210.57.192.0/20" might have "source: RIPE-NONAUTH".

This is a good idea, taking into account comments made by Kaveh. We
should not throw the baby out with the bathwater.

Piotr

-- 
gucio -> Piotr Strzyżewski
E-mail: Piotr.Strzyzewski at polsl.pl