This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[routing-wg] Notification/authorisation of references to aut-num from other RPSL objects
- Previous message (by thread): [routing-wg] Notification/authorisation of references to aut-num from other RPSL objects
- Next message (by thread): [routing-wg] Notification/authorisation of references to aut-num from other RPSL objects
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Job Snijders
job at instituut.net
Tue Jun 10 13:25:32 CEST 2014
On Mon, Jun 09, 2014 at 04:11:35PM +0200, João Damas wrote: > On 09 Jun 2014, at 15:53, Hank Nussbacher <hank at efes.iucc.ac.il> > wrote: > > > On a related matter, is it possible currently to setup my aut-num > > that if anyone adds my autnum to their import/export/as-set objects > > I would receive a notification about it? Currently the "notify" > > field only informs me of changes to the specific aut-num, not people > > who reference my aut-num w/o my permission? > > > > If this is not feasible with the system today, would it be possible > > to add this feature? I'll explain the rationale: we have recently > > discovered that hostile aut-num's that intend to perform a BGP > > hijack, will add the victims aut-num to their routing policy or to > > their unsuspecting upstream. This policy is then picked up as > > legitimate and propogated. By having a "notify-on-policy" email > > address field, I would be able to quickly see who is planning on > > hijacking my IP ranges. > > This sounds like a reasonable thing to do to me. In fact, now that > this has been mentioned it does sound like an obvious thing and I > wonder what took the hostile aut-num’s so long to subvert the intent > of the those fields. I think some notification feature would be nice to have, but we need to figure out what and when we expect notifications. I propose we dub the attribute for nice alignment with existing attributes: notify-on-ref: <email-address> optional, multi-valued Questions: - do you want a notification each time an object is updated and has a reference to your object? - or do you only want notifications when a reference inititally is added to an object? (spares you a daily mailbomb for daily updated objects) - do you want a notification when the reference is removed from an object? - In what classes do you want to set a notify-on-ref attribute? (I think initially aut-num, as-set, rs-set) - do we want the notify-on-ref email addresses to be set to unread at ripe.net upon NRTM/ftp export? Regarding authorisation, for me requiring authorisation to reference a given object is a bridge too far at this point in time. Quite some operators automatically generate an autnum, route-sets & as-sets on a daily basis to reject their policy, and I don't see an easy way to make this a painless adventure. Let's first do notifications and based on those experiences look further. ok? Kind regards, Job
- Previous message (by thread): [routing-wg] Notification/authorisation of references to aut-num from other RPSL objects
- Next message (by thread): [routing-wg] Notification/authorisation of references to aut-num from other RPSL objects
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]