This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/db-wg@ripe.net/
[db-wg] A test on AFRINIC range announcing without RIPE route object
- Previous message (by thread): [db-wg] A test on AFRINIC range announcing without RIPE route object
- Next message (by thread): [db-wg] A test on AFRINIC range announcing without RIPE route object
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Sean Stuart
sean.stuart at gmail.com
Thu Jun 14 15:51:59 CEST 2018
I personally think the highest priority for RIPE should be to clean up the security of the RIPE database to reduce the ability to use it for undesired purposes. Once the database is locked down to ensure that only authenticated RIPE members can register space that is registered to them, then we can look at ways to make it easier for members with space from multiple regions. Until then, as Job pointed out, there are IRR’s available to manage announcements of space consistently globally. > On Jun 13, 2018, at 8:03 AM, Lu Heng via db-wg <db-wg at ripe.net> wrote: > > The ultimate discussion should be, and will be, is it RIPE net or internet? > > I am saying the current situation will break network by forbidding change it, and it is network we break, really doesn’t matter where it is which registry it from. > > We are victims of massive hijacking, many of my space get registered without our knowledge as well, we spend time and money monitoring ripe dB for none authorised registration as well, I wish I don’t have to do it, I wish Afrinic IRR can function properly tomorrow, but until then, now ripe dB is our most visiable solution. > > I hope we can make effect together to get Afrinic fix their IRR, it is internet, it’s not just “Afrinic people business”, it is all of us’s business, internet is one. > > And until then, I think there is not enough consensus from the community to implement this change in the future. I would > like to ask the chair, how can we ask RIPE to pause this implementation? > > > >> On Wed, Jun 13, 2018 at 19:11 Job Snijders <job at instituut.net> wrote: >> On Wed, Jun 13, 2018 at 10:56 AM, Lu Heng <h.lu at anytimechinese.com> wrote: >> > Internet is one, and this is a general problem of all Afrinic space, just >> > don’t make it personal please. >> >> I didn't intend to make anything personal, so phrased differently: >> What you highlight is ultimately a problem between AfriNIC members and >> the AfriNIC organisation. >> >> > I hope Afrinic fix it rather soon that way every thing works, until then, >> > prevent network change is one way of breaking it. >> >> I am sympathetic, but RIPE has no obligation to keep a glaring >> security hole open to accommodate another RIR's lack of expedience. >> >> As I mentioned at the microphone at the last DB-WG session, right now >> I can simply register ALL not-yet-registered IP space in the RIPE NCC >> database and in doing so lock out anyone else from making any >> registrations for non-RIPE-managed space. There is nothing in place to >> stop anyone from doing so, this would immediately fix the security >> problem. I hope this both illustrates the size of the security hole >> and the problem of any business process relying on the existence of >> the hole. >> >> Kind regards, >> >> Job > -- > -- > Kind regards. > Lu > -------------- next part -------------- An HTML attachment was scrubbed... URL: </ripe/mail/archives/db-wg/attachments/20180614/878db462/attachment.html>
- Previous message (by thread): [db-wg] A test on AFRINIC range announcing without RIPE route object
- Next message (by thread): [db-wg] A test on AFRINIC range announcing without RIPE route object
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]