This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/db-wg@ripe.net/
[db-wg] Foreign ROUTE objects in RIPE Database - final decision?
- Previous message (by thread): [db-wg] Foreign ROUTE objects in RIPE Database - final decision?
- Next message (by thread): [db-wg] Foreign ROUTE objects in RIPE Database - final decision?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Erik Bais
erik at bais.name
Tue Oct 17 10:15:35 CEST 2017
I agree and support both 2 mentioned items. Erik Bais -----Oorspronkelijk bericht----- Van: Job Snijders [mailto:job at instituut.net] Verzonden: dinsdag 17 oktober 2017 9:53 Aan: William Sylvester <william.sylvester at addrex.net> CC: Database WG <db-wg at ripe.net> Onderwerp: Re: [db-wg] Foreign ROUTE objects in RIPE Database - final decision? Dear WG, chairs, On Mon, Oct 16, 2017 at 11:24:14PM +0000, William Sylvester via db-wg wrote: > Now that there has been substantial discussion on this topic, I wanted > to try to bring the conversation back to a more practical and > actionable path forward. Clearly this is a topic where there are a lot > of opinions. From seeing the discussion and receiving additional > feedback, I wanted to point out some re-occurring themes and request a > revised proposal for working group consideration. > > 1) Remove the "origin:" authorization requirement. RIPE is currently > the only RIR that requires this, the current implementation creates > data concurrency issues across Internet databases by requiring the > creation of duplicate autnums. > > 2) Flag "route:" objects for non-RIPE-managed space with "source: > RIPE-NONAUTH" to identify non-authoritative data. > > I’d like to seek input from the group; > > - Do you feel these options are straight forward and easy to understand? > - Does this provide a reasonable security posture? > - Will this make a positive impact for RIPE DB and the greater Internet? > - Do you support these concepts? I fully support executing both action items. Removal of the "origin:" authorisation step will bring the RIPE IRR in line with other databases such as APNIC, RADB and as such make use of the database easier for global organisations. It also aligns with the practises observed in RPKI. Flagging "route:/route6:" objects with "RIPE-NONAUTH" when they cover non-RIPE managed space has many benefits. Setting the "source:" to represent what the data actually means, we can programmatically analyse the contents of the RIPE DB and facilitate creation of higher quality route filters, but also for instance use it as a reputation factor in spam scoring. These two options represent what currently is the lowest hanging fruit to improve in this problem space. Funny enough, neither of these items makes things more difficult for anyone involved, on the contrary - by making route: authorisation easier, _and_ showing what is authoritative data and what is not, we improve the security posture of the RIPE community. Kind regards, Job
- Previous message (by thread): [db-wg] Foreign ROUTE objects in RIPE Database - final decision?
- Next message (by thread): [db-wg] Foreign ROUTE objects in RIPE Database - final decision?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]