Sascha Luck [ml] via db-wg wrote on 13/06/2018 12:39:
> Secondly, there is an unintended consequence to this, namely
> that, if you make it impossible for a segment of resource holders
> to register their routes properly, some transit providers and
> IXPs will have no choice but to accept their advertisements
> anyway without any filter. How that improves 'security', I don't
> know.

There's nothing stopping people from contacting Afrinic to fix this problem or, in a pinch, registering their routes in RADB.

I'd be more sympathetic to being lax about this if the RIPE IRRDB weren't constantly targeted for abuse and if there weren't a stream of malicious BGP injection attacks which used fraudulent registrations in the RIPE IRRDB.

Just like open SMTP relays, open DNS resolvers and open NTP servers, a tiny number of people abuse open systems to the detriment of others. Like you, I view the situation as being both tragic and self-destructive, but as internet operators we have an obligation to ensure that we don't end up with a tragedy of the commons situation where the value of the IRRDBs is permanently destroyed by persistent abusers.

Closing off access to the third party registrations in the RIPE IRRDB is the lesser of the two evils, and it's deeply unfortunate that we've been backed into this corner.

Nick
