Hi Job
From: Job Snijders via db-wg <[email protected]>
To: Lu Heng <[email protected]>
Cc: Database WG <[email protected]>
Sent: Wednesday, 13 June 2018, 12:52
Subject: Re: [db-wg] A test on AFRINIC range announcing without RIPE route
object
>>
>> In conclusion, If you employ a non-Afrinic asn for announcements
>> (which means a foreign asn), using RIPE’s route object will be the
>> only choice for you unless you are one of those big telecoms which has
>> the liberty to announce anything as they wish.
> This is not correct, you can also use RADB, NTTCOM, LEVEL3, or ALTDB,
> etc. RIPE is/was not an exclusive provider for this type of service.
(wearing my devil's advocate hat)...
So are you saying all these other databases offer the same service with the
same security risk that we are about to remove from the RIPE Database? None of
these databases have any authorisation link to any of the RIR's address
registries. So can anyone create bogus ROUTE objects in these databases for any
address space? Suggesting that people can use these databases implies that
their contents are taken seriously, including any bogus ROUTE objects. So by
closing down this service in the RIPE Database are we solving a problem
(closing a security hole) or just moving the problem somewhere else?
Ideally all 5 RIRs should operate an IRR with authorisation linked to the
address registrations and not required from any ASN. Then we would have a place
to put ROUTE objects that can be trusted.
cheersdenisco-chair DB-WG
