- db-wg - mailman.ripe.net

NCC Update and Request for Input
by Carol Orange 07 Mar '97

07 Mar '97

Hi Folks, The intention of this mail is to give you a short update of the current efforts taking place at the RIPE NCC with respect to database development and maintenance and to gather your input in setting our priorities for the spring of '97 which to our great relief is finally showing its face - even here in Amsterdam! As promised, we are hard at work getting the components in place to give you verbose object descriptions with a new whois flag. You can expect an announcement for this service in the very near future. Simultaneously, we are working on a number of bug fixes and minor requests. For example, we now allow the use of 4 digit years in the changed field. As promised, we are working towards a complete and revised version of the RIPE database documentation (ripe-153) which will include some new sections and appendices as well as reflect the feedback received from the user community. The comments received to date have been greatly appreciated and will be reflected in the next version. Feedback is still welcome and desired, so if you've got comments, do send them along. To prioritize our further activities in the spring of 1997, we would appreciate your input on the direction of database development which is most important in your view. At the meeting of the Database working group at the RIPE-26 meeting in January, I gave a presentation on the current list of open issues regarding the RIPE database. The slides in which the various items are described are posted in the following places: http://www.ripe.net/meetings/ripe/ripe-26/pres/db-update/ ftp://ftp.ripe.net/ripe/presentations/ripe-m26-orange-dbupdate.ps.gz At that meeting, noone could think of items of concern which were not already on the list. During the course of the discussion, we classified each issue as one of: A) just do it, and B) needs further discussion I promised to post the items under (A) for priority setting and under (B) for discussion. In this mail, I'd like to ask for your input on which items in the "To do" category (A) have your highest priority. To prevent excessive traffic, please send your response directly to me (orange(a)ripe.net). I will post the results I've received in the week of March 17, and the corresponding action plan we will follow at the NCC during the coming months. Greetings, Carol ------------------------------------------------------------------- * * * V O T E H E R E * * * In the following, I give a short description of each work item. The numbering is consistent with those in the presentation slides. Thus there are gaps in the numbering for those open issues which need further discussion (B). In the following list, please assign a score to *exactly 5* of the items. Give a 1 to that which is most import to you, 2 to the next most important 3 4 5 for what you would like to see, but with a lower priority. You can use each of the above scores exactly once in the list below. If you have any questions, just send them to me. ________________________ | | Please respond before * Friday, March 14, 1997 * |________________________| Here is the list then: [ ] 3. Check the content of admin-c field during the creation and modification of objects to assure the content refers to a person object (and not a role). [ ] 4. Take steps to remove obvious garbage (e.g. "see remarks") from the admin-c, tech-c, and zone-c fields. In general, such fields should contain a valid NIC handle referring to a person or role object. However, which NIC handles are valid is not always obvious in a global registry and that definition falls under one of the open issues. [ ] 7. Hierarchical authorization in the routing registry. Note: this item depends on a clear definition on how the hierarchy should be defined. It was however decided that as soon as the Routing WG comes with a definition with which they are satisfied, it should "just be" implemented, without further discussion by the Database WG. [ ] 8. Hierarchical notification in the routing registry. This would be a notification method which would allow someone to be notified when routes are announced. Please see notes under number 7 above. [ ] 9. Currently insufficient information is sent to the person in a "notify" field when an object is modified by that person. It was decided that complete information on the modification should be sent to the person in the notify field, regardless of the options used to send it, and regardless of who made the changes. This is primarily to facility consistent administrative services. If the person in the notify field made the update, only one message should be sent, but it should contain all information. [ ] 12. Implement (borrow) extended as-in/as-out features described by Cengiz Alaettingoglu in the RPSL draft: ftp://ftp.ripe.net/internet-drafts/draft-ietf-rps-rpsl-00.txt [ ] 13. In response to whois queries, show the name associated with the NIC handle admin-c, tech-c, and zone-c fields. [ ] 17. When objects are created or updated, check the validity of all referenced objects, before accepting the modification. [ ] 21. Logging of syntax errors to collect information which might be used to improve the user interface. [ ] 22. Track object history including UTC time zone, and as accurately as possible, who made the change. [ ] 23. Define and implement a referral mechanism for TLDs. [ ] 24. Verbose object descriptions with "whois -tv". This is underway, and on the list for completion. [ ] 25. Syntactic cleanup: remove ripe-181 line continuation.

1 0

route obj & notifications
by Schmitz＠RUS.Uni-Stuttgart.DE 14 Feb '97

14 Feb '97

Dear colleagues, yes, it is me again ;-) asking for comments on another element of hierarchical authorisation for route objects: The idea is to use a prefix based hierarchical scheme just as it is used for inetnum objects. However, it turned out that there are several difficulties in it. So, to get started the consensus at the wg session was: *not* to enforce a prefix based hierarchical scheme until these difficulties are solved, but instead generate notifications only. There are several proposals out there for notifications - to notify only if it is requested (by adding "notify" attributes to objects) - to leave inetnum objects out for the time being until their relation to route objects is clearly defined - notifications should only be done for creation of route objects not for changes or deletions (to prevent mail floods) - probably, the creator of route objects should also be notified of notifications for coordination purposes What are your feelings about this? Yes, no, maybe, missing items? Your comments are welcome! For further reference read/attack/tear apart/abuse the compilation at http://www.ripe.net/wg/routing/haro-d.html Regards Joachim _____________________________________________________________________________ Dr. Joachim Schmitz schmitz(a)noc.dfn.de DFN Network Operation Center Rechenzentrum der Universitaet Stuttgart ++ 711 685 5553 voice Allmandring 30 ++ 711 678 8363 FAX D-70550 Stuttgart FRG (Germany) _____________________________________________________________________________

1 0

route & aut-num objects
by Schmitz＠RUS.Uni-Stuttgart.DE 14 Feb '97

14 Feb '97

Dear colleagues, let's start with a very easy thing near to solution with hierarchical authorisation for route objects: the relation to aut-num objects. A route object references several other objects. Important to us are the references to the maintainer and the aut-num object (both are mandatory attributes of the route object): route: [mandatory] [single] descr: [mandatory] [multiple] origin: [mandatory] [single] ----> points to aut-num object ... mnt-by: [mandatory] [multiple] ----> points to mntner object changed: [mandatory] [multiple] source: [mandatory] [single] The aut-num object also contains a mandatory reference to a maintainer object. Up to now, the maintainers referenced in route object and aut-num object of same origin need not be the same. For hierarchical authorisation it would be nice to introduce a "mnt-lower" attribute in the aut-num object defining which maintainers may create route objects for the AS of the corresponding aut-num object. This allows control of one AS which parties may generate route objects with its origin. We already had consensus in the wg session that this is needed but did not yet decide precisely how to do it. The idea of using a "mnt-lower" attribute came up and I think it is easiest to implement. If there are no objections I will hand on the above proposal for imple- mentation in the database software in two weeks. For further reference read/attack/tear apart/abuse the compilation at http://www.ripe.net/wg/routing/haro-d.html Regards Joachim _____________________________________________________________________________ Dr. Joachim Schmitz schmitz(a)noc.dfn.de DFN Network Operation Center Rechenzentrum der Universitaet Stuttgart ++ 711 685 5553 voice Allmandring 30 ++ 711 678 8363 FAX D-70550 Stuttgart FRG (Germany) _____________________________________________________________________________

1 0

haro...
by Schmitz＠RUS.Uni-Stuttgart.DE 14 Feb '97

14 Feb '97

Dear colleagues, at the routing wg we continue to discuss hierarchical authorisation for route objects. Since there are several issues involved related to the database and its implementation you are welcome to partici- pate in the discussion (we try to keep the database wg mailing list in the Cc). To make it easier to keep track of the discussion I compiled the current state in http://www.ripe.net/wg/routing/haro-d.html and will keep it updated in (more or less) regular intervals. Your comments are welcome. Regards Joachim _____________________________________________________________________________ Dr. Joachim Schmitz schmitz(a)noc.dfn.de DFN Network Operation Center Rechenzentrum der Universitaet Stuttgart ++ 711 685 5553 voice Allmandring 30 ++ 711 678 8363 FAX D-70550 Stuttgart FRG (Germany) _____________________________________________________________________________

1 0

New Document available: RIPE-153
by RIPE NCC Document Annoucement Service 29 Jan '97

29 Jan '97

Revised RIPE Document Announcement -------------------------------------- A revised document is available from the RIPE document store. Ref: ripe-153 Title: RIPE NCC Database Documentation Author: A. M. R. Magee Date: 28 Jan 1997 Format: PS=788414 TXT=137211 Obsoletes: Version 1.2 of the document. Obsoleted by: Updates: Updated by: See also: Short content description ------------------------- This document is an introduction to the use of the RIPE Network Management Database. Items marked with an "*" are still in production. Questions and comments should be sent to <ripe-dbm(a)ripe.net>. Accessing the RIPE document store --------------------------------- You can access the RIPE document store via the World Wide Web; ripe-153 is available at the following URL: http://www.ripe.net/docs/ripe-153.html The RIPE document store is also available via anonymous FTP to ftp.ripe.net, in the directory ripe/docs. The full filenames of the new documents on the FTP-server are: ripe/docs/ripe-153.ps for the PostScript version ripe/docs/ripe-153.txt for the plain text version Documents can also be retrieved from the RIPE document store using a mail server program. For more information on how to use the program, send email to <mail-server(a)ripe.net> with "send HELP" in the body text.

1 0

Inverse Query Failures
by Daniel Karrenberg 17 Jan '97

17 Jan '97

I was asked to look into invers queries going wrong in order to determine which additional indices might be useful. I looked at 5245997 recent queries 6236 (0.11%) of which were reverse. Of these 1428 (24.72%) failed because no match could be found and 461 (7.39%) failed because either no attribute name was given or an attribute name which does not have an inverse index was given. Unfortunately no more details are logged about the latter type of failures. We will change that a.s.a.p. and report back if there are signigficant findings. I have looked at the data that was logged and could detect no clear trends pointing to the need for additional indices. Daniel

1 0

RE: Immediate - Date in Changed field
by Wilfried Woeber, UniVie/ACOnet 17 Jan '97

17 Jan '97

Hi DB-folks! On a slightly different aspect, and assuming that we change things anyway... How about running the RIPE-DB (and maybe gradually all the others :-) on a UTC basis, according to some recent suggestions? Just for a sneak preview on one of the small agenda items for the DB WG :-) Wilfried. ~~~~~~~~~~ Dear Database WG members, We have been requested to ease the restrictions on the date in the "changed" attribute to allow for dates with 4 digit years specifically those starting with "19" and eventually "20". For obvious reasons, we agree with this proposition. However, we also understand that some of you may have software which presumes the date has the yymmdd format. If anyone has a serious problem with this change, please notify me personally (orange(a)ripe.net) before the end of the week. If we don't hear any show stoppers before the end of the week, we will proceed. Thereafter, the following will be acceptable formats: 19yymmdd 20yymmdd (eventually) yymmdd Thanks for your ear, -- Carol Orange --------------------------------------------------------------------------------

7 6

Re: hierarchical route objects, part 1
by Schmitz＠RUS.Uni-Stuttgart.DE 16 Jan '97

16 Jan '97

Dear Curtis, you wrote: > > > Here is an example. The registries approve of the top level blocks, > > > that is the aggregates (or blocks that should be announced as > > > aggregates). Whoever the aggregate is allocated to creates the top > > > level route object and can delegate below that. For example, ANS has > > > 207.24/14. There were two route objects needed to handle multihomed > > > (a /22 and a /24) prefixes. The usual way a provider would delegate > > > would be to reference more than one maintainer in the route object > > > (the provider and the customer, and probably the other provider if the > > > route object had a unique origin AS). > > > > > This scheme sounds reasonable but it raises the question of coordination > > among different registries... > > I would not expect to see the same address space allocated by more > than one registry. All registries would have a top level 0/0 route > object which prevents registry of bogons. RIPE would have a hierarchy > under 0/0 and the RA would have a hierarchy tracking InterNIC assigned > addresses. I would not expect the two to overlap, therefore there is > no real coordination problem beyond initial setup or new blocks > allocated to a registry. > This is more difficult than it looks from the beginning. As an example we ourselves register all our objects (inetnum, routes, persons...) in RIPE database (because we are in Europe). However, among others we peer with MCI and MCI insists on having route objects in their registry in order to allow routing. If the route objects are secured by hierarchical authorisation in the RIPE database we would also like to have them secured in the MCI registry. Following the scheme above MCI would have to include inetnums (while it is a pure routing registry) *and* would have to generate top level route objects allowing specific access by us to our route objects (this is a very tiring job especially regarding "the swamp" 192.x). Of course, they could copy from RIPE database... (ask them why they don't...) I guess, this problem may only be resolved by the GRR (which is yet to come) From the ongoing disussion I conclude for myself (at the current state of the discussion) that we can not impose a strict security mechanism at the time being without breaking too many things. Maybe, I am too dumb to see a simple solution which might be just at hand... I will summarise the things said here on the mailing list for the routing wg session next week and try to think some more about it (I guess, Daniel was right from the start when he said that we should begin with a bare notification mechanism...) Regards Joachim _____________________________________________________________________________ Dr. Joachim Schmitz schmitz(a)noc.dfn.de DFN Network Operation Center Rechenzentrum der Universitaet Stuttgart ++ 711 685 5553 voice Allmandring 30 ++ 711 678 8363 FAX D-70550 Stuttgart FRG (Germany) _____________________________________________________________________________

2 1

An AUP for the RIPE DB ?!
by Daniel Karrenberg 16 Jan '97

16 Jan '97

Another short discussion paper. As you see I'd like to keep this general issue separate from the immediate measures discussed in the other paper. Again comments are welcome. Daniel Some Toughts about an Acceptable Use Policy for the RIPE Database Scope This is a discussion paper intended to lay the groundwork for the development of a more explicit acceptable use policy (AUP) for the RIPE database. Motivation For the past six years we have been able to avoid the issue of codifying acceptable use of the RIPE database because the user community was limited. Conventions and peer pressure were sufficient to prevent abuse. This is changing rapidly. Therefore I believe we have to develop a written AUP and enforce it. Format As with any AUP is it difficult to anticipate any potential usage. It is even impractical to codify something for all usages that can be envisioned. In our case a good approach would be to list a number of common usages that are clearly acceptable, such as searching for contact points in case of operational problems or access by routing policy tools. Subsequently we can list a number of usages that are clearly not acceptable such as obtaining addresses for mass mailings or unauthorised changing of data. I think it will be rela- tively easy to obtain consensus about that. One can then state that any use which is comparable to one of those listed falls under the policy for the listed use. Any use not comparable at all will need to be determined by the database WG and added to the AUP. Enforcement If we have a written AUP and consensus that it should be enforced the NCC can get legal advice on how to best enforce it. However I would like to have the AUP defined first because otherwise thinking about enforcement tends to be less effective and also influences our goals, e.g. the desired AUP. Further Steps I'd like to see some discussion and resolution on two issues: Is an explicit AUP needed? and Is the format sug- gested above appropriate?

1 0

Preventing Abuse of Postal&Email Address Info
by Daniel Karrenberg 16 Jan '97

16 Jan '97

Dear colleagues, below you find a short discussion paper with concrete proposals to address some abuse of the RIPE DB which we start seeing. It is input for that point at the meeting next week. Comments welcome. Daniel Short Term Measures to Protect Postal and E-Mail Address Information in the RIPE Database Against Abuse Scope This is a discussion paper about immediate measures to pro- tect postal and e-mail address information stored in the RIPE database against abuse. Mass mailings are the kind of abuse we are focussing on. There is consensus that these activities clearly constitute abuse of the RIPE database. An general acceptable use policy is a separate issue that needs to be addresses separately. Current Situation The database can currently be accessed by WHOIS, WAIS and as FTPable files. A copyright notice appears at the top of the FTPable files: Copyright (c)1992/.../1997 by Daniel Karrenberg and TERENA Restricted rights. Except for agreed Internet operational purposes, no part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, recording, or otherwise, without prior permission of the RIPE NCC on behalf of the copyright holders. Any use of this material to target advertising or similar activities are explicitly forbidden and will be prosecuted. The RIPE NCC requests to be notified of any such activities or suspicions thereof. The access methods most suitable to obtain mass mailing data are the FTP and WAIS access methods. New Trend During first six years of operation no significant abuses of the database have come to our attention. In the past few months however there have been at least two instances where addresses from the have been sold or otherwise re-dis- tributed to address mailings. The NCC has taken appropriate action in these cases. I believe that this is a significant trend and we have to take measures to prevent such abuse in the future. In the following paragraphs I will outline pos- sible measures to that end. Assert Copyright More Prominently Currently the database copyright is asserted only in the FTPable files. Therefore any user of data obtained via other services may claim not to be aware of the copyright. In past discussions I have argued against cluttering WHOIS output with copyright notices. In the light of developments I now recommend to insert a one line copyright notice at the top of each WHOIS response roughly like: % Copyright (c)1997, see http://www.ripe.net/.... for details I have not checked yet whether this is sufficient notice in terms of legal procedures. However a user can then no longer claim ignorance. A similar solution needs to be implemented for the WAIS service. Remove Person Objects from FTP Access Person objects should be removed from public FTP access. This means both removing the person.db file and the person objects from the ripe.db file. The main purpose of these files is to allow mirroring of the database and convenient local access for various purposes. The mirroring function- ality has to be maintained differently. See below for details. The convenience of other uses in my opinion does no longer justify the potential for abuse this convenient public access has. Of course individual access can be granted if the user has a valid reason and agrees not to further distribute. Restrict Access if Abuse is Suspected I would like the database WG to explicitly authorise the NCC to restrict access to the database if abuse is suspected. The restrictions I envisage are artificial exponential delays if query patterns suggest abuse and blocking access for individual users as an ultimate measure. Of course any such measures will be reported back to the database WG. Consequences for Mirror Sites All these measures have little effect if any mirror site does not implement them. Therefore I propose that mirror sites will have to agree formally to implement any restric- tions the RIPE NCC has to implement. Further the mirror sites will have to change the procedure to obtain the person information to a restricted method. Further Steps I encourage everyone to critically read the proposals above and give me feedback, especially on aspects not considered. I ask the database WG to endorse the measures proposed and to give guidance on how they should be published, i.e. does this need to be written up as a RIPE document or is it suf- ficient in the database WG minutes/archives.

1 0