--- Begin Message ---
On Tue, 2017-07-18 at 15:26 +0200, Nick Hilliard via db-wg wrote:
>
> I am not in favour of having the RIPE database as an open-access
> database on the basis that this mixes up two sets of data,
> authoritative
> and non-authoritative, and it it is impossible for someone casually
> querying the database to determine which is which.
>
> Some people are inserting random route: objects into the database, and
> those route: objects are being picked up by provisioning systems and
> ending up configured on routers and IXP route servers. This enables
> prefix hijacking, which is a pressing operational issue.
I agree with Nick's position. It legitimates what seems to be rogue
announcements, like for example 196.16.0.0/14, as mentionned recently on
the NANOG mailing list (*).
We should, IMHO not be able to insert out of region route(6) object
without having a prior authentication mechanism, or making it be
specially flagged, so the auto ACL system from upstreams wouldnt match
it.
(*) https://mailman.nanog.org/pipermail/nanog/2017-August/091954.html
--
Clément Cavadore
signature.asc
Description: This is a digitally signed message part
--- End Message ---
