[routing-wg]Relaxing rules in RPSLsecurity [was: [db-wg] Call for agenda items, DB-WG Meeting during RIPE53, Amsterdam]
Wilfried Woeber, UniVie/ACOnet Woeber at CC.UniVie.ac.at
Thu Sep 14 22:54:47 CEST 2006
My apologies for a silly typo that Rob pointed out to me :-( Of course one of the lines shoukd read: - to effectively make a (subset) of a P*A* block usable as PI instead of: - to effectively make a (subset) of a P*I* block usable as PI I am sorry, -WW -------- Original Message -------- Subject: [routing-wg]Re: AW: [db-wg] Call for agenda items, DB-WG Meeting during RIPE53, Amsterdam Date: Thu, 14 Sep 2006 20:31:40 +0000 From: Wilfried Woeber, UniVie/ACOnet <Woeber at CC.UniVie.ac.at> Reply-To: Woeber at CC.UniVie.ac.at Organization: UniVie - ACOnet To: Rob Evans <rhe at nosc.ja.net> CC: wh at germany.com, routing-wg at ripe.net References: <PEEBJDDFEIDDDHIDOBKCEEJCFFAA.wh at germany.com> <4509AE72.2020508 at CC.UniVie.ac.at> <4509B750.1020407 at nosc.ja.net> Rob Evans wrote: [...] > 1) A quick call for help in editing the document to create a proposal. > > 2) If we've got a draft of a proposal by then, discussion on it. [ NOT waering my DB-WG Chair hat right now, just my Security Team Member's hat ] Any such document should be very clear and broad in describing the potential security and/or operational impacts and risks incurred by relaxing the established rules. (IRR Sanity and filter Configuration Tools) Some stuff that occurs to me immediately is - impact on ability to use (own or hi-jacked) IP-Address-Blocks for Spam-Runs, - to get address blocks routed differently for the duration of DoS Attacks, - to impede connectivity tracking mechanisms for Phishing Sites - to punch more specific holes into a PA Block - to claim customer relationship without a contract in place - to effectively make a (subset) of a PI block usable as PI - to cheat with eXchange Point Access Policy Requirements - to .... > Either way, we need to have someone willing to talk and an idea of how > long you want to talk for! :-) > > All the best, > Rob Another bout of CERT Paranoia maybe, yours, Wilfried.