This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/db-wg@ripe.net/
[db-wg] re-evaluate route-object authorisation model
Shane Kerr
shane at time-travellers.org
Wed May 13 12:15:33 CEST 2015
Job,

I cannot think of a reason why ignoring the aut-num authorization would
be bad. (Possibly a failure of imagination... I am not a hacker....)

Answers to your questions:

On Wed, 13 May 2015 11:24:58 +0200
Job Snijders <job at ntt.net> wrote:

> - should the authorisation model work differently for RIPE managed
>   space versus non-RIPE managed space? Should we even continue to
>   allow route-objects covering non-RIPE managed space?

I tend to think having a single authorization model makes more sense.

I'm not sure, but there may be organizations that prefer a single place
to manage all of their routes and also have space from other regions.
Certainly the RIPE database is the best routing database among all the
RIRs.

> - should the authorisation model work differently when creating a
>   route-object for RIPE managed space with a non-RIPE managed
>   autnum? If yes, how so?

See above.

> - although in this idea the autnum owner is no longer required to
>   approve /creation/ of a route-object, would it be a good idea to
>   allow the autnum owner to /delete/ any route-object in which their
>   autnum is referenced as origin?

Seems reasonable to me. Anything to keep the database clean sounds like
a good idea. :)

> - Is RFC 2725 the only reason why the authorisation model was
>   implemented as it was implemented, can someone remember practical
>   reasons for doing it this way? During the BoF it was pointed out
>   that any potential DoS vector already exists today.

AFAIK, yes. Basically the RIPE Database was migrated from RIPE-181 to
RPSL in 2000 or 2001 IIRC, and at that time RPSL auth was adopted
roughly based on the RFC.

Cheers,

--
Shane