[db-wg] re-evaluate route-object authorisation model
- Previous message (by thread): [db-wg] re-evaluate route-object authorisation model
- Next message (by thread): [db-wg] re-evaluate route-object authorisation model
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Shane Kerr
shane at time-travellers.org
Wed May 13 12:15:33 CEST 2015
Job, I cannot think of a reason why ignoring the aut-num authorization would be bad. (Possibly a failure of imagination... I am not a hacker....) Answers to your questions: On Wed, 13 May 2015 11:24:58 +0200 Job Snijders <job at ntt.net> wrote: > - should the authorisation model work differently for RIPE managed > space versus non-RIPE managed space? Should we even continue to > allow route-objects covering non-RIPE managed space? I tend to think having a single authorization model makes more sense. I'm not sure, but there may be organizations that prefer a single place to manage all of their routes and also have space from other regions. Certainly the RIPE database is the best routing database among all the RIRs. > - should the authorisation model work differently when creating a > route-object for RIPE managed space with a non-RIPE managed > autnum? If yes, how so? See above. > - although in this idea the autnum owner is no longer required to > approve /creation/ of a route-object, would it be a good idea to > allow the autnum owner to /delete/ any route-object in which their > autnum is referenced as origin? Seems reasonable to me. Anything to keep the database clean sounds like a good idea. :) > - Is RFC 2725 the only reason why the authorisation model was > implemented as it was implemented, can someone remember practical > reasons for doing it this way? During the BoF it was pointed out > that any potential DoS vector already exists today. AFAIK, yes. Basically the RIPE Database was migrated from RIPE-181 to RPSL in 2000 or 2001 IIRC, and at that time RPSL auth was adopted roughly based on the RFC. Cheers, -- Shane
- Previous message (by thread): [db-wg] re-evaluate route-object authorisation model
- Next message (by thread): [db-wg] re-evaluate route-object authorisation model
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]