This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[ncc-services-wg] 2016-02 New Policy Proposal (Resource Authentication Key ( RAK ) code for third party authentication)
- Previous message (by thread): [ncc-services-wg] 2016-02 New Policy Proposal (Resource Authentication Key ( RAK ) code for third party authentication)
- Next message (by thread): [ncc-services-wg] RIPE Policy Proposal 2016-03 Affects Certification for Allocations from IPv4 Pool
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Erik Bais
ebais at a2b-internet.com
Mon May 2 17:56:02 CEST 2016
On Mon, May 02, 2016 at 02:26:46PM +0200, Gert Doering wrote: > [..] On Mon, May 02, 2016 at 02:02:39PM +0000, Erik Bais wrote: >> The goal is to limit the options so that spammers can't initiate >> hijacks ... So there is a common goal .. >I still fail to see why this new technical mechanism is better than the >existing mechanism (RPKI, at least, and possibly route/route6 objects), >*and* why these database operators would actually *use* them, if they >fail to do verification today for the existing and easy cases. The issue with RPKI .. is that that not everything is signed ... Another issue due to the distributed options in RPKI, one can run their own certification environment.. The intention is to use a system that would fix it for the all IP resources within a single region (RIPE in this example) in order to close idiotic input into those DB's.... Yes, there is currently garbage in some of those databases.. I'm personally still waiting on a reply from the Savvy DB maintainers for a ticket update send 2 months ago .. perhaps longer .. If the third party database isn't updating to the new way of authorizing prefixes to the originating RIR and not doing any housekeeping on expired objects ... their usefulness is close to zero for future use and inclusion in any prefix filter development that is in the future. I would personally like to see future developments of bgpq3 or the IRR Toolset to limit their default inclusion to those DB's that actually validate input ... >OTOH, some evidence of buy-in from L3, RADB, etc. that this is something >they are only waiting for and stuff will get implemented quickly >afterwards would convince me that it's a good thing :-) Agree, I think that this would indeed be a good thing ... Regards, Erik Bais
- Previous message (by thread): [ncc-services-wg] 2016-02 New Policy Proposal (Resource Authentication Key ( RAK ) code for third party authentication)
- Next message (by thread): [ncc-services-wg] RIPE Policy Proposal 2016-03 Affects Certification for Allocations from IPv4 Pool
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]