This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/routing-wg@ripe.net/
[routing-wg] Route object creation authorization
- Previous message (by thread): [routing-wg] Route object creation authorization
- Next message (by thread): [routing-wg] Route object creation authorization
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Havard Eidnes
he at uninett.no
Tue Apr 16 09:48:55 CEST 2019
Hi, Denis, thanks for your follow-up. > Firstly the 'forced delete' has nothing to do with the LIR > portal. It is also indifferent to the authentication option you > use (signed email, password, SSO). If you are the holder of an > allocation or PI assignment then you can delete a ROUTE object > for your resource or any more specific range using the MNTNER > authentication on the resource object. OK, so a "forced delete" is just a normal "delete" operation? Not sure then why it deserves the "forced" tag... > Why is authorisation still needed from a ROUTE object? I don't > know much about how you guys structure your routing, but purely > from the Database rules I can suggest this possible scenario > (although it may not apply in practise). Suppose an LIR makes a > sub-allocation to another organisation, but the LIR routes the > whole of their allocation including the sub-allocation. The > organisation holding the sub-allocation cannot choose to route > their sub-allocation without the consent of the LIR as to > create such a ROUTE object would need to be authorised by the > LIR's ROUTE object covering the whole allocation. That's normally what happens with PA address blocks. However, I still don't understand why authorization via an existing route object would be needed in that case -- all that would be needed to express the stated restriction is either mnt-lower or mnt-routes attributes in the enclosing address space object (inet{,6}num), which is typically held and maintained by the LIR. Best regards, - Håvard
- Previous message (by thread): [routing-wg] Route object creation authorization
- Next message (by thread): [routing-wg] Route object creation authorization
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]