Hi, On Tue, Aug 20, 2024 at 01:11:40PM +0100, Nick Hilliard wrote: > Wessel Sandkuijl wrote on 20/08/2024 12:51: > > I think this is something that can be improved. I suggest > > implementing the option to force-delete a route(6) object as ASN > > resource holder. This saves both the resource holder and RIPE NCC > > valuable time. > there's definitely an issue here, but I wonder if the authorisation model is > opened up a bit, whether that would open up a can of worms (e.g. if you can > auth a delete, why shouldn't you be able auth a create?).
Well, "auth a create" opens the door to hijacks.
"auth a delete" would possibly open the door to a DoS attack if a legitime
route: object is deleted - but then, such an object would usually be a
customer, so why would you do that?
I'm not seeing anything obvious how to abuse force-delete route/route6:
objects in this scenario, but my imagination is limited.
Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard, Ingo Lalla,
Karin Schuler, Sebastian Cler
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
signature.asc
Description: PGP signature
----- To unsubscribe from this mailing list or change your subscription options, please visit: https://mailman.ripe.net/mailman3/lists/db-wg.ripe.net/ As we have migrated to Mailman 3, you will need to create an account with the email matching your subscription before you can change your settings. More details at: https://www.ripe.net/membership/mail/mailman-3-migration/
