[routing-wg] Routing Reg. mess [was: Re: [anti-abuse-wg] Fwd: Hijack...]

Hi Wilfried,

finally someone responding to the problem presented. I was about to 
think that nobody cares anymore.

On 14/11/14 16:18, Wilfried Woeber wrote:
> Michael Horn wrote: (to anti-abuse-wg at ripe.net)
>
> [...]
>
>> will result in significant workload. Holy dingus, is this database a mess...
> And not just "this" one. The whole "Routing Registry" stuff is an incredible
> mess, and since years, actually. Not really a Numbers Registry failure or a
> negligence, but rather a multi-faceted mesh of FUD, History and Trade Secrets
> claimed.
>
> Let me try to collect some facts, at least according to my memory.
> Please correct me where I'm wrong...
>
> - not all 5 RIRs actually do support an IRR functionality.
>
> - the RPSL doc.set, back in the good old days, had some ideas and provisions
>    for integrating the 5 (or then, rather 3, iirc) pieces of Numbers Registries
>    into a single, global, consistent structure.
>    As Gert put it: it didn't fly.
>    Since then, we were putting band-aid over patch over whatever to deal with
>    that. The result is what we have before us, right now.
>
> - the whole system of creating objects, at least in the RIPE Region, has become
>    totally inconsistent. For an address block, where the RIPE DB is authoritative,
>    and an AS number, you need the credentials from both parties to register a route:
>    or route6: object.
>
>    for out-of-region authoritative entries, the dreaded maintainer was created, in
>    order to provide the (useless) 2nd auth: token.
>
>    For the RPKI stuff, again, there isn't a requirment for a second authentication
>    token, iirc not even a *notification* to the AS ref.d, when an RoA is created.
>    Anyone of you still thinks RPKI is going to be helpful here?
>    Bah, it's just going to give another false impression of credibility + new vectors
>    for errors and attacks.
>
>> -mh
> The only way(s) forward I can see are:
>
> - require manual approval of route: objects for the case of out-of-region registrations
sounds like an other patch, one that I would welcome as a temporary 
solution.
>
> - get the RPSL flaws fixed, the RFCs updated and then implemented
this will probably take years..
>
> - integrate the 5 Number Registries into a homogenous, distributed DB with consistent
>    authentication mechanisms
>
> - come up with a viable proposal for 1 (one!!) global routing registry that is
>    authoritative, up-todate and complete, used by all operators (yes, I know, it is
>    the wrong type of year /w a XMAS)
I've been asking myself for years why the RIRs can not, under the NRO, 
ASO, IANA, (?) umbrellas to come up with a unique registry (resource + 
routing).. It's not like the communities do not want/need it... Do we 
need to pass a global policy to ask the RIRs to work together? :-)

A single source of information is, at this moment, a dream.
> - try to do any or all of the above and do so without RPKI requirements. Please!
>
> Wilfried.
>
regards,
elvis