[routing-wg]Relaxing rules in RPSLsecurity [was: [db-wg] Call for agenda items, DB-WG Meeting during RIPE53, Amsterdam]

My apologies for a silly typo that Rob pointed out to me :-(

Of course one of the lines shoukd read:
- to effectively make a (subset) of a P*A* block usable as PI

instead of:
- to effectively make a (subset) of a P*I* block usable as PI

I am sorry,
-WW
-------- Original Message --------
Subject: [routing-wg]Re: AW: [db-wg] Call for agenda items, DB-WG Meeting during RIPE53,
Amsterdam
Date: Thu, 14 Sep 2006 20:31:40 +0000
From: Wilfried Woeber, UniVie/ACOnet <Woeber at CC.UniVie.ac.at>
Reply-To: Woeber at CC.UniVie.ac.at
Organization: UniVie - ACOnet
To: Rob Evans <rhe at nosc.ja.net>
CC: wh at germany.com,  routing-wg at ripe.net
References: <PEEBJDDFEIDDDHIDOBKCEEJCFFAA.wh at germany.com>
<4509AE72.2020508 at CC.UniVie.ac.at> <4509B750.1020407 at nosc.ja.net>

Rob Evans wrote:
[...]
> 1) A quick call for help in editing the document to create a proposal.
> 
> 2) If we've got a draft of a proposal by then, discussion on it.

[ NOT waering my DB-WG Chair hat right now, just my Security Team Member's hat ]

Any such document should be very clear and broad in describing the potential
security and/or operational impacts and risks incurred by relaxing the
established rules. (IRR Sanity and filter Configuration Tools)

Some stuff that occurs to me immediately is
- impact on ability to use (own or hi-jacked) IP-Address-Blocks for Spam-Runs,
- to get address blocks routed differently for the duration of DoS Attacks,
- to impede connectivity tracking mechanisms for Phishing Sites
- to punch more specific holes into a PA Block
- to claim customer relationship without a contract in place
- to effectively make a (subset) of a PI block usable as PI
- to cheat with eXchange Point Access Policy Requirements
- to ....

> Either way, we need to have someone willing to talk and an idea of how
> long you want to talk for! :-)
> 
> All the best,
> Rob

Another bout of CERT Paranoia maybe,
yours,
Wilfried.