[db-wg] RIPE NONAUTH route(6) objects using unregistered space cleanup - deployment *today*

In message <CAKw1M3O2SmQLFQtnD=y+cypFjzV2G=OagAszRuysbXsV987k9w at mail.gmail.com>, 
=?UTF-8?Q?Cynthia_Revstr=C3=B6m?= <me at cynthia.re> wrote:

>I mainly wanted to give my initial take on the AS origin status part which
>is in short: I don't think we should clean up based on origin AS.
>This is as you do not need any technical authorization from the AS holder

I'm not sure what "technical authorization from the AS holder" has to do
with this.  BY DEFINITION, a route object that exists currently in the
data base and that makes reference to a bogon AS number -does not- have any
kind of authorization from the "AS holder" because -nobody- has been
assigned that ASN.

>Additionally, I don't think this is validated in RIPE AUTH, but I could be
>wrong on that part.

It is clear to me, based on my analysis so far, that nobody has -ever- been
verifying that any of the AS numbers mentioned in *any* route(6) objects
are non-bogus.  This seems to be true in the case of -both- the regular
data base and also within the NONAUTH data base.

>I might have a different opinion if it is a huge amount of objects that
>could be cleaned up...

As I previously noted, there currently exist on the order of about 80+
route objects within the regular data base that make reference to bogon
AS numbers.  Within the NONAUTH data base, there are on the order of
over 1,500+ of these.

So far, in my limited inspection of these, the vast majority of all of
these objects appear to be long-abandoned relics of an earlier age.
Some were even likely abandoned 20+ years ago, and they have just been
sitting and languishing in the data base, just waiting for some clever
miscreant to come along and start making massive mischief with them.

>Summary: I don't think it is a good idea unless it is either a very large
>amount of objects...

It is a substantial amount of objects, and it can be easily verified that
the overwheling majority of these rout objects DO NOT correspond to any
actual routing that is actually occurring on the Internet here in the year
2021. (I believe that some of the route(6) object in question even refer
to AS numbers that are, and that always have been, "reserved" AS numbers,
based upon long-established RFCs.)

>... or there is another good reason to do so.

It has been my long experience, especially over that past 20 years, that
there is essentially nothing that exists on or in relation to the Internet 
that creative miscreants will not find a way to treat as if it were an
unattended bicycle.  They routinely squat on stolen and/or unassigned
"bogon" IP address space, and also and likewise, they routinely make use
of stolen and/or abandoned AS numbers.  The existance, in the data base,
of route objects that refer to bogon AS numbers represents a kind of
invitation to such miscreants... enticing them to engage in untoward funny
business and in a way that could not then easily be attributed (since
nobody "owns" the AS numbers in question).

The bottom line is that if it was wise to remove route(6) objects from the
data base that made reference to unassigned IP address blocks... and I
believe that it most certainly was... then buy the exact same logic it is
also wise to remove from the data base all route(6) objecct that refer to
bogon ASNs.  The reasoning, the rationale, and the logic is the same in
both cases.


Regards,
rfg