[db-wg] re-evaluate route-object authorisation model

Job,

I cannot think of a reason why ignoring the aut-num authorization would
be bad. (Possibly a failure of imagination... I am not a hacker....)

Answers to your questions:

On Wed, 13 May 2015 11:24:58 +0200
Job Snijders <job at ntt.net> wrote:

>     - should the authorisation model work differently for RIPE managed
>       space versus non-RIPE managed space? Should we even continue to
>       allow route-objects covering non-RIPE managed space?

I tend to think having a single authorization model makes more sense.

I'm not sure, but there may be organizations that prefer a single place
to manage all of their routes and also have space from other regions.
Certainly the RIPE database is the best routing database among all the
RIRs.
 
>     - should the authorisation model work differently when creating a
>       route-object for RIPE managed space with a non-RIPE managed
>       autnum? If yes, how so?

See above.
 
>     - although in this idea the autnum owner is no longer required to
>       approve /creation/ of a route-object, would it be a good idea to
>       allow the autnum owner to /delete/ any route-object in which their
>       autnum is referenced as origin?

Seems reasonable to me. Anything to keep the database clean sounds like
a good idea. :)

>     - Is RFC 2725 the only reason why the authorisation model was
>       implemented as it was implemented, can someone remember practical
>       reasons for doing it this way? During the BoF it was pointed out
>       that any potential DoS vector already exists today.

AFAIK, yes. Basically the RIPE Database was migrated from RIPE-181 to
RPSL in 2000 or 2001 IIRC, and at that time RPSL auth was adopted
roughly based on the RFC.

Cheers,

--
Shane