This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/db-wg@ripe.net/
[db-wg] A test on AFRINIC range announcing without RIPE route object
- Previous message (by thread): [db-wg] A test on AFRINIC range announcing without RIPE route object
- Next message (by thread): [db-wg] A test on AFRINIC range announcing without RIPE route object
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Sascha Luck [ml]
dbwg at c4inet.net
Wed Jun 13 13:39:49 CEST 2018
On Wed, Jun 13, 2018 at 11:11:09AM +0000, Job Snijders via db-wg wrote: >I am sympathetic, but RIPE has no obligation to keep a glaring >security hole open to accommodate another RIR's lack of expedience. There was a time when it would have been seen as the obligation of any RIR to keep the internet running as smoothly as possible. This boat seems to have sailed and not just in an internet context. This paradigm shift mirrors one in general society as well, where it has become acceptable to cause any amount of pain and inconvenience to the general population in the name of 'security'... Secondly, there is an unintended consequence to this, namely that, if you make it impossible for a segment of resource holders to register their routes properly, some transit providers and IXPs will have no choice but to accept their advertisements anyway without any filter. How that improves 'security', I don't know. IMO such actions should be delayed until there is a mechanism for every resource holder to register their advertisements properly, no matter where they are. Presumably this is something the RIRs themselves could be pushing as they are coordinating among themselves and with ICANN anyway. rgds, Sascha Luck > >As I mentioned at the microphone at the last DB-WG session, right now >I can simply register ALL not-yet-registered IP space in the RIPE NCC >database and in doing so lock out anyone else from making any >registrations for non-RIPE-managed space. There is nothing in place to >stop anyone from doing so, this would immediately fix the security >problem. I hope this both illustrates the size of the security hole >and the problem of any business process relying on the existence of >the hole. > >Kind regards, > >Job >
- Previous message (by thread): [db-wg] A test on AFRINIC range announcing without RIPE route object
- Next message (by thread): [db-wg] A test on AFRINIC range announcing without RIPE route object
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]