>> Denis, do you remember *why* that is the rule? > > RFC2725, section 9.9. > > He says, retiring to a safe distance... :)
Heh. Well, first off, the rule specified in the RFC to require authentication via the origin aut-num object has been abolished, so that doesn't apply. Secondly, is it just me that find the RFC to be sorely lacking in justification for *why* the maintainer of an exact matching route object should be used in preference to the inetnum hierarchy maintainers? It just says "this will be used first", not why, neither in section 9.9 nor in appendix C that I can see. Also, the fact that such a "blocking" route object can be "forcefully deleted" (via some "special" operation?) based solely on the inetnum hierarchy maintainers is an indication that this whole matter hasn't been properly thought through and made consistent, and this workaround just sounds like a massive kludge which complicates matters instead of simplifying them. Also, it does not exactly help that the error message you get when trying to add a new route object "could be improved". Regards, - Håvard
