[routing-wg] Notification/authorisation of references to aut-num from other RPSL objects

> I propose we dub the attribute for nice alignment with existing
> attributes:
> 
>    notify-on-ref: <email-address>      optional, multi-valued
> 
> Questions:
> 
>    - do you want a notification each time an object is updated and has
>      a reference to your object?
> No
>    - or do you only want notifications when a reference inititally is
>      added to an object? (spares you a daily mailbomb for daily updated
>      objects)
> Yes
>    - do you want a notification when the reference is removed from an
>      object?
> Yes
>    - In what classes do you want to set a notify-on-ref attribute? (I
>      think initially aut-num, as-set, rs-set)
> Agree
>    - do we want the notify-on-ref email addresses to be set to
>      unread at ripe.net upon NRTM/ftp export?
Ok
Andreas Larsen
IP-Only AB | Postadress: 753 81 UPPSALA | Besöksadress Uppsala: S:t Persg 6
Besöksadress Stockholm: N Stationsg 69 | Vxl: +46 18 843 10 00 | Mobil +46 70 843 10 56
www.ip-only.se

10 jun 2014 kl. 13:25 skrev Job Snijders <job at instituut.net>:

> On Mon, Jun 09, 2014 at 04:11:35PM +0200, João Damas wrote:
>> On 09 Jun 2014, at 15:53, Hank Nussbacher <hank at efes.iucc.ac.il>
>> wrote:
>> 
>>> On a related matter, is it possible currently to setup my aut-num
>>> that if anyone adds my autnum to their import/export/as-set objects
>>> I would receive a notification about it?  Currently the "notify"
>>> field only informs me of changes to the specific aut-num, not people
>>> who reference my aut-num w/o my permission?
>>> 
>>> If  this is not feasible with the system today, would it be possible
>>> to add this feature?  I'll explain the rationale: we have recently
>>> discovered that hostile aut-num's that intend to perform a BGP
>>> hijack, will add the victims aut-num to their routing policy or to
>>> their unsuspecting upstream.  This policy is then picked up as
>>> legitimate and propogated.  By having a "notify-on-policy" email
>>> address field, I would be able to quickly see who is planning on
>>> hijacking my IP ranges.
>> 
>> This sounds like a reasonable thing to do to me. In fact, now that
>> this has been mentioned it does sound like an obvious thing and I
>> wonder what took the hostile aut-num’s so long to subvert the intent
>> of the those fields.
> 
> I think some notification feature would be nice to have, but we need to
> figure out what and when we expect notifications. 
> 
> I propose we dub the attribute for nice alignment with existing
> attributes:
> 
>    notify-on-ref: <email-address>      optional, multi-valued
> 
> Questions:
> 
>    - do you want a notification each time an object is updated and has
>      a reference to your object?
> 
>    - or do you only want notifications when a reference inititally is
>      added to an object? (spares you a daily mailbomb for daily updated
>      objects)
> 
>    - do you want a notification when the reference is removed from an
>      object?
> 
>    - In what classes do you want to set a notify-on-ref attribute? (I
>      think initially aut-num, as-set, rs-set)
> 
>    - do we want the notify-on-ref email addresses to be set to
>      unread at ripe.net upon NRTM/ftp export?
> 
> Regarding authorisation, for me requiring authorisation to reference a
> given object is a bridge too far at this point in time. Quite some
> operators automatically generate an autnum, route-sets & as-sets on a
> daily basis to reject their policy, and I don't see an easy way to make
> this a painless adventure. Let's first do notifications and based on
> those experiences look further. ok?
> 
> Kind regards,
> 
> Job
>