This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[routing-wg] Routing Reg. mess [was: Re: [anti-abuse-wg] Fwd: Hijack...]
- Previous message (by thread): [routing-wg] FW: FW: FW: discussion about rogue database objects
- Next message (by thread): [routing-wg] Routing Reg. mess [was: Re: [anti-abuse-wg] Fwd: Hijack...]
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Wilfried Woeber
Woeber at CC.UniVie.ac.at
Fri Nov 14 16:18:30 CET 2014
Michael Horn wrote: (to anti-abuse-wg at ripe.net) [...] > will result in significant workload. Holy dingus, is this database a mess... And not just "this" one. The whole "Routing Registry" stuff is an incredible mess, and since years, actually. Not really a Numbers Registry failure or a negligence, but rather a multi-faceted mesh of FUD, History and Trade Secrets claimed. Let me try to collect some facts, at least according to my memory. Please correct me where I'm wrong... - not all 5 RIRs actually do support an IRR functionality. - the RPSL doc.set, back in the good old days, had some ideas and provisions for integrating the 5 (or then, rather 3, iirc) pieces of Numbers Registries into a single, global, consistent structure. As Gert put it: it didn't fly. Since then, we were putting band-aid over patch over whatever to deal with that. The result is what we have before us, right now. - the whole system of creating objects, at least in the RIPE Region, has become totally inconsistent. For an address block, where the RIPE DB is authoritative, and an AS number, you need the credentials from both parties to register a route: or route6: object. for out-of-region authoritative entries, the dreaded maintainer was created, in order to provide the (useless) 2nd auth: token. For the RPKI stuff, again, there isn't a requirment for a second authentication token, iirc not even a *notification* to the AS ref.d, when an RoA is created. Anyone of you still thinks RPKI is going to be helpful here? Bah, it's just going to give another false impression of credibility + new vectors for errors and attacks. > -mh The only way(s) forward I can see are: - require manual approval of route: objects for the case of out-of-region registrations - get the RPSL flaws fixed, the RFCs updated and then implemented - integrate the 5 Number Registries into a homogenous, distributed DB with consistent authentication mechanisms - come up with a viable proposal for 1 (one!!) global routing registry that is authoritative, up-todate and complete, used by all operators (yes, I know, it is the wrong type of year /w a XMAS) - try to do any or all of the above and do so without RPKI requirements. Please! Wilfried.
- Previous message (by thread): [routing-wg] FW: FW: FW: discussion about rogue database objects
- Next message (by thread): [routing-wg] Routing Reg. mess [was: Re: [anti-abuse-wg] Fwd: Hijack...]
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]