[routing-wg]Relaxing rules in RPSLsecurity [was: [db-wg] Call for agenda items, DB-WG Meeting during RIPE53, Amsterdam]

["Wilfried Woeber, UniVie/ACOnet" Woeber@localhost]

My apologies for a silly typo that Rob pointed out to me :-(

Of course one of the lines shoukd read:
- to effectively make a (subset) of a P*A* block usable as PI

instead of:
- to effectively make a (subset) of a P*I* block usable as PI

I am sorry,
-WW
-------- Original Message --------
Subject: [routing-wg]Re: AW: [db-wg] Call for agenda items, DB-WG Meeting during RIPE53,
Amsterdam
Date: Thu, 14 Sep 2006 20:31:40 +0000
From: Wilfried Woeber, UniVie/ACOnet Woeber@localhost
Reply-To: Woeber@localhost
Organization: UniVie - ACOnet
To: Rob Evans rhe@localhost
CC: wh@localhost,  routing-wg@localhost
References: <PEEBJDDFEIDDDHIDOBKCEEJCFFAA.wh@localhost
<4509AE72.2020508@localhost <4509B750.1020407@localhost>

Rob Evans wrote:
[...]
> 1) A quick call for help in editing the document to create a proposal.
> 
> 2) If we've got a draft of a proposal by then, discussion on it.

[ NOT waering my DB-WG Chair hat right now, just my Security Team Member's hat ]

Any such document should be very clear and broad in describing the potential
security and/or operational impacts and risks incurred by relaxing the
established rules. (IRR Sanity and filter Configuration Tools)

Some stuff that occurs to me immediately is
- impact on ability to use (own or hi-jacked) IP-Address-Blocks for Spam-Runs,
- to get address blocks routed differently for the duration of DoS Attacks,
- to impede connectivity tracking mechanisms for Phishing Sites
- to punch more specific holes into a PA Block
- to claim customer relationship without a contract in place
- to effectively make a (subset) of a PI block usable as PI
- to cheat with eXchange Point Access Policy Requirements
- to ....

> Either way, we need to have someone willing to talk and an idea of how
> long you want to talk for! :-)
> 
> All the best,
> Rob

Another bout of CERT Paranoia maybe,
yours,
Wilfried.