4.3.2 Description of the IRT Object

Below is the object template for the irt object. It lists all possible attributes that are allowed in this object type.

Attribute Name   Presence   Repeat     Indexed
irt: mandatory single primary/lookup key
address: mandatory multiple
phone: optional multiple
fax-no: optional multiple
e-mail: mandatory multiple lookup key
signature: optional multiple
encryption: optional multiple
org: optional multiple inverse key
admin-c: mandatory multiple inverse key
tech-c: mandatory multiple inverse key
auth: mandatory multiple inverse key
remarks: optional multiple
irt-nfy: optional multiple inverse key
notify: optional multiple inverse key
mnt-by: mandatory multiple inverse key
created: generated single
last-modified: generated single
source: mandatory single

The irt object was introduced to represent a Computer Security Incident Response Team (CSIRT). It was later adapted to also handle general abuse complaints for any address space. Then, with the introduction of “abuse-c:”, the irt object is no longer required to handle the general abuse. It can revert back to the original purpose. The “abuse-mailbox:” attribute will be deprecated as part of the cleanup after fully deploying “abuse-c:”. This object includes security information for use by CSIRT teams as they communicate with each other.

The irt object may only be referenced from inetnum and inet6num objects to show which CSIRT is responsible for handling computer and network incidents for that address range. Use is made of the hierarchical nature of address space. Any reference in an inet(6)num object to an irt object applies not only to the referencing object but also to all more specific address space. So the more specific objects inherit the reference to the irt object. When querying address space for an irt reference, the query software takes account of this inheritance and queries up the hierarchy looking for the nearest applicable irt object reference. This information is returned when any more specific inet(6)num object is queried. Where irt references are made at multiple points in an address space hierarchy, the closest less specific reference applies.

Adding a reference to an irt object requires authorisation from the maintainer of the irt object. This is handled using the “auth:” attribute of the irt object. Although the reference to an irt object from an inet(6)num object is made using the “mnt-irt:” attribute, it should be clear that the irt object is not a mntner object. The irt object contains contact information and is more similar to a role object than a mntner object.

The contact details provided by an irt object must be business information and must not contain any personal information. Description of Attributes Specific to the IRT Object

  • "irt:" – This attribute is a single word name for the response team starting with ‘IRT-‘.
  • “address:” - This is a full postal address for the business contact represented by this irt object.
  • “phone:” – This is a phone number for the business contact represented by this irt object. It specifies a telephone number in international format. It must start with a '+' followed by the international country code, area code and number, optionally followed by an extension number.
  • “fax-no: - This is a fax number for the business contact represented by this irt object.
  • “e-mail:” – This is an email address of a business role, organisation or CSIRT team represented by this irt object.
  • “signature:” – This attribute references a key-cert object in the RIPE Database representing a public key used by the CSIRT team to sign their correspondence.
  • “encryption:” – This attribute references a key-cert object in the RIPE Database representing a public key used to encrypt correspondence sent to the CSIRT team.
  • “auth:” – This attribute defines the authentication scheme to be used to authorise the addition of a reference to this irt object. It has the same authentication options as described in the the sub-section 'Description of the mntner Object'.
  • “irt-nfy:” – This attribute specifies a business email address to be notified when a reference to this irt object is added or removed.