Frank Gadegast <ripe-anti-spam-wg@powerweb.de> wrote:
Brian said there was some discussion in the Address Policy Working Group about certified routing and revocation of certificates. He said that at the moment there was no real way to stop routing in this way because people route what they want to route.
This might be true, but removing networks from RIPEs databases will also remove all reverse mapping and nameserver entries, right?
It certainly should.
No mailserver, that is configured to fight only a bit against spam accepts mail from IPs without a working reverse mapping. So, if RIPE ever wants to punish network abusers, thats an easy way of doing it
RIPE has no role to punish network abusers. RIPE should have a role to take appropriate action against those who abuse RIPE's resources. That would include providing false identity or configuration details in connection with a request for network resources. Those are the cases where revocation of those resources is needed - and of course the routing data would then have to be removed as a result. What is worth bearing in mind is that a revoked allocation should show up in IP-WHOIS as REVOKED for a given period of time after revocation. Otherwise we get the vexing situation where an abuser asks an ISP to route his IP block and tells the ISP, when they check RIPE's WHOIS and see "not found", "Oh dear, looks like the RIPE database isn't working. "Revoked" must be clearly visible. For example, nobody really knows why AS43074 and 193.109.246.0/23 are no longer in the RIPE database. But AS43074 (announcing 193.109.246.0/23) is being routed by STARNET in Moldova and bringing you all the lovely Zeus malware and similar. Network Next Hop Path *> 193.109.246.0/23 208.74.64.40 3257 31252 43074 i Unfortunately removing rDNS etc won't stop that malware spreading. -- Richard