[db-wg] Control over associating objects for number blocks

Denis,

Thanks for your comments, the key intent would be to provide the ability for legacy holders to have control over their blocks enabling self-service of the legacy blocks. Currently, that is not the case. There are many instances where a holder must contact RIPE NCC to intervene on behalf of the number block holder. It is the intent that we just treat legacy fairly to enable legacy holders the ability to keep their own records updated.

If I own a legacy number block I should have the ability to manage the records associated with my block. If a record is outdated, I should be able to use a self-service tool to updated my records.

In the case where some members of the community were against enabling the reclaim functionality for legacy blocks, I would ask why they believe legacy blocks should be treated separately? From my perspective a legacy holder should have all of the same abilities.

Thanks,
Billy



On Oct 27, 2015, at 9:09 PM, ripedenis at yahoo.co.uk<mailto:ripedenis at yahoo.co.uk> wrote:

HI guys

You need to think about what you are doing here. If you invent a new mechanism to remove the association of a ROUTE object from some address space what does that mean? If such a mechanism was adopted, implemented and everyone knew what it means, those ROUTE objects will be ignored. So you may as well have simply deleted them. Don't try to invent a new mechanism that leaves redundant, misleading garbage in the database.

This issue was discussed around the time of the last RIPE Meeting. It only relates to legacy space as RIPE address space is covered by the reclaim functionality. The question previously discussed was whether to allow the reclaim functionality to be used by top level legacy resource holders. If I remember some people were in favour and some weren't.

The arguments for are to allow practical administration of legacy resources which are hindered by some historical objects. The arguments against were those occasions where some legacy resource was divided and sold/given/otherwise transferred to some other user but the RIPE NCC is not aware of that change and it is not reflected in the RIPE Database. By giving the reclaim functionality to known top level legacy resource holders they may gain control over resources they have no right to have. But that can be mitigated by the RIPE NCC being able to replace any deleted objects if someone provides the documentation to show they are the legitimate holder of the affected resource.

So you need to make a decision on allowing the reclaim functionality to be used by legacy resource holders rather than inventing some parallel functionality that actually achieves the same effect with the same benefits/consequences.

cheers
denis

________________________________
From: William Sylvester <william.sylvester at addrex.net<mailto:william.sylvester at addrex.net>>
To: Janos Zsako <zsako at iszt.hu<mailto:zsako at iszt.hu>>
Cc: "db-wg at ripe.net<mailto:db-wg at ripe.net>" <db-wg at ripe.net<mailto:db-wg at ripe.net>>
Sent: Tuesday, 27 October 2015, 19:02
Subject: Re: [db-wg] Control over associating objects for number blocks

Janos,

Thanks for the email, you have identified the heart of the issue. When a route exists that is not maintained by the same maintainer as the number block what should the authorization hierarchy be for that block? Especially when that record keeps a number block holder from managing the information associated with their number block.

Previously we had discussed giving an upper maintainer status to the number block holder over those objects but some members of the community were worried that this might cause problems for records they wanted no control over.

The intent of the language I used was specifically to avoid the issue of provided extra maintainer status for certain objects leaving that for their actual maintainer. But to have the ability to remove them from being associated with your network block.

I am open to ideas on how to best accomplish this task. I know in certain cases this is already possible based on the status of your space and the tool you are using. I was mostly advocating for this feature to be available for all blocks, enabling holders to have full control over their number block.

Thanks,
Billy





> On Oct 27, 2015, at 1:46 PM, Janos Zsako <zsako at iszt.hu<mailto:zsako at iszt.hu>> wrote:
>
> Dear Billy,
>
> I think I understand the problem you describe and I think it is useful to
> try to solve it in some automatic way (i.e. without the human intervention
> from the RIPE NCC).
>
> I cannot, however, understand the following part:
>
>> The number block holder should not be able to delete an object they do not have maintainer status for, but they should be able to remove the association from their number block.
>
> As an example I think of 192.168.0.0-192.168.255.255 being assigned to
> COMPANY and the inetnum has COMPANY-MNT as maintainer.
>
> In the database we can find the following route:
>
> route:          192.168.0.0/16
> descr:          whatever
> origin:        AS64500
> mnt-by:        AS64500-MNT
> ...
> source:        RIPE # Filtered
>
> and COMPANY does not have control over AS64500-MNT.
>
> How could COMPANY modify this route in such a way that they remove the
> association with their assignment _without_ deleting it?
>
> The same applies to a reverse delegation, e.g.:
>
> domain:        168.192.in-addr.arpa
> descr:          whatever
> ...
> mnt-by:        AS64500-MNT
> ..
> source:        RIPE # Filtered
>
> Could you please clarify what you meant by the above?
>
> Did you have in mind that these could be transformed in a fake route
> (or domain) mobject like:
>
> route:          10.0.0.0/8
> descr:          orphaned 192.168.0.0/16
> descr:          whatever
> origin:        AS64500
> mnt-by:        AS64500-MNT
> ...
> source: RIPE # Filtered
>
> or
>
> domain:        10.in-addr.arpa
> descr:          orphaned 168.192.in-addr.arpa
> descr:          whatever
> ...
> mnt-by:        AS64500-MNT
> ..
> source:        RIPE # Filtered
>
> respectively?
>
> Thanks and regards,
> Janos
>
>> Billy
>>
>> William Sylvester
>> william.sylvester at addrex.net<mailto:william.sylvester at addrex.net> <mailto:william.sylvester at addrex.net<mailto:william.sylvester at addrex.net>>




-------------- next part --------------
An HTML attachment was scrubbed...
URL: </ripe/mail/archives/db-wg/attachments/20151102/db3ca808/attachment.html>