This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[db-wg] re-evaluate route-object authorisation model
- Previous message (by thread): [db-wg] Cross registry authentication BOF - rough notes
- Next message (by thread): [db-wg] re-evaluate route-object authorisation model
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Job Snijders
job at ntt.net
Wed May 13 11:24:58 CEST 2015
Dear working group, Yesterday during the birds of a feather session about "cross-registry authorisation" the idea to relax the authorisation requirements for route-object creation was brought up (again). I ask this group to further explore. Today, to create a route-object, BOTH the inetnum mntner, and the autnum mntner need to approve the creation of the route-object. One could argue that it is sufficient to require only authorisation from the inetnum owner to create a route-object. This would simplify the process, especially if the autnum is managed in a non-RIPE RIR. No longer would ARIN autnum owners be required to create a superfluous autnum object in the RIPE database. Questions: - should the authorisation model work differently for RIPE managed space versus non-RIPE managed space? Should we even continue to allow route-objects covering non-RIPE managed space? - should the authorisation model work differently when creating a route-object for RIPE managed space with a non-RIPE managed autnum? If yes, how so? - although in this idea the autnum owner is no longer required to approve /creation/ of a route-object, would it be a good idea to allow the autnum owner to /delete/ any route-object in which their autnum is referenced as origin? - Is RFC 2725 the only reason why the authorisation model was implemented as it was implemented, can someone remember practical reasons for doing it this way? During the BoF it was pointed out that any potential DoS vector already exists today. - ... ? Kind regards, Job
- Previous message (by thread): [db-wg] Cross registry authentication BOF - rough notes
- Next message (by thread): [db-wg] re-evaluate route-object authorisation model
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]