This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/routing-wg@ripe.net/
[routing-wg] Notification/authorisation of references to aut-num from other RPSL objects
- Previous message (by thread): [routing-wg] Notification/authorisation of references to aut-num from other RPSL objects
- Next message (by thread): [routing-wg] [address-policy-wg] Re-issue of reclaimed 16bit ASNs and modifications to references in routing policy to these resources
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Andreas Larsen
andreas.larsen at ip-only.se
Wed Jun 11 16:59:23 CEST 2014
> I propose we dub the attribute for nice alignment with existing > attributes: > > notify-on-ref: <email-address> optional, multi-valued > > Questions: > > - do you want a notification each time an object is updated and has > a reference to your object? > No > - or do you only want notifications when a reference inititally is > added to an object? (spares you a daily mailbomb for daily updated > objects) > Yes > - do you want a notification when the reference is removed from an > object? > Yes > - In what classes do you want to set a notify-on-ref attribute? (I > think initially aut-num, as-set, rs-set) > Agree > - do we want the notify-on-ref email addresses to be set to > unread at ripe.net upon NRTM/ftp export? Ok Andreas Larsen IP-Only AB | Postadress: 753 81 UPPSALA | Besöksadress Uppsala: S:t Persg 6 Besöksadress Stockholm: N Stationsg 69 | Vxl: +46 18 843 10 00 | Mobil +46 70 843 10 56 www.ip-only.se 10 jun 2014 kl. 13:25 skrev Job Snijders <job at instituut.net>: > On Mon, Jun 09, 2014 at 04:11:35PM +0200, João Damas wrote: >> On 09 Jun 2014, at 15:53, Hank Nussbacher <hank at efes.iucc.ac.il> >> wrote: >> >>> On a related matter, is it possible currently to setup my aut-num >>> that if anyone adds my autnum to their import/export/as-set objects >>> I would receive a notification about it? Currently the "notify" >>> field only informs me of changes to the specific aut-num, not people >>> who reference my aut-num w/o my permission? >>> >>> If this is not feasible with the system today, would it be possible >>> to add this feature? I'll explain the rationale: we have recently >>> discovered that hostile aut-num's that intend to perform a BGP >>> hijack, will add the victims aut-num to their routing policy or to >>> their unsuspecting upstream. This policy is then picked up as >>> legitimate and propogated. By having a "notify-on-policy" email >>> address field, I would be able to quickly see who is planning on >>> hijacking my IP ranges. >> >> This sounds like a reasonable thing to do to me. In fact, now that >> this has been mentioned it does sound like an obvious thing and I >> wonder what took the hostile aut-num’s so long to subvert the intent >> of the those fields. > > I think some notification feature would be nice to have, but we need to > figure out what and when we expect notifications. > > I propose we dub the attribute for nice alignment with existing > attributes: > > notify-on-ref: <email-address> optional, multi-valued > > Questions: > > - do you want a notification each time an object is updated and has > a reference to your object? > > - or do you only want notifications when a reference inititally is > added to an object? (spares you a daily mailbomb for daily updated > objects) > > - do you want a notification when the reference is removed from an > object? > > - In what classes do you want to set a notify-on-ref attribute? (I > think initially aut-num, as-set, rs-set) > > - do we want the notify-on-ref email addresses to be set to > unread at ripe.net upon NRTM/ftp export? > > Regarding authorisation, for me requiring authorisation to reference a > given object is a bridge too far at this point in time. Quite some > operators automatically generate an autnum, route-sets & as-sets on a > daily basis to reject their policy, and I don't see an easy way to make > this a painless adventure. Let's first do notifications and based on > those experiences look further. ok? > > Kind regards, > > Job >
- Previous message (by thread): [routing-wg] Notification/authorisation of references to aut-num from other RPSL objects
- Next message (by thread): [routing-wg] [address-policy-wg] Re-issue of reclaimed 16bit ASNs and modifications to references in routing policy to these resources
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]