Hi Ed,

I might be misunderstanding, but mnt-ref on mntners sounds like a catch-22.

If mnt-ref would only be needed for mnt-by and any other references to mntners except mnt-ref I suppose it would be fine.

But generally speaking here I think I support it for the object types excluding mntners but only if no mnt-ref attribute means that anyone can reference it (the way it is today).

This would mean that it's an opt-in functionality that requires adding at least one mnt-ref attribute to the object.

I think the impact would be too big and uncertain otherwise.

-Cynthia

On Mon, Mar 28, 2022, 09:30 Edward Shryane via db-wg <db-wg@ripe.net> wrote:
Dear Colleagues,

Currently the "mnt-ref:" attribute only protects references to organisation objects in the RIPE database, by specifying which maintainer(s) can authorise the reference.

This means it is possible to make references to other object types without any authorisation, for example:

* Refer to another organisation's maintainer
* Refer to another organisation's abuse-c contact
* Refer to any technical contact, admin contact, zone contact

Since these references do not need authorisation, it is open to misuse, creating the impression that an unrelated party is responsible for that object.

I propose that the "mnt-ref:" attribute be added (as an optional attribute) to other object types to allow references to be authorised:

* person
* role
* mntner
* irt

This proposal does not eliminate misuse (e.g. contact information can still be copied into a separate object), but protects references to existing objects.

If the DB-WG agrees to this proposal, I will prepare a more detailed impact analysis for review.

Regards
Ed Shryane
RIPE NCC
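
The reference check discussed in this thread, as an added example that is not part of either message and is not RIPE database code: a reference to an object carrying "mnt-ref:" is allowed only if the update is authenticated by one of the listed maintainers, and an object without "mnt-ref:" can be referenced by anyone (the opt-in reading from the reply). The objects, the function names, the simplified primary-key rule and the list of reference attributes are assumptions made for illustration.

```python
# Constructed RPSL-style objects for illustration, not real RIPE database data.
SAMPLE = """\
mntner: EXAMPLE-A-MNT
mnt-by: EXAMPLE-A-MNT
mnt-ref: EXAMPLE-A-MNT

role: Example A NOC
nic-hdl: EAN1-EXAMPLE
mnt-by: EXAMPLE-A-MNT
mnt-ref: EXAMPLE-A-MNT

person: Example Person
nic-hdl: EP1-EXAMPLE
mnt-by: EXAMPLE-A-MNT

mntner: EXAMPLE-B-MNT
mnt-by: EXAMPLE-B-MNT

inetnum: 192.0.2.0 - 192.0.2.255
admin-c: EP1-EXAMPLE
tech-c: EAN1-EXAMPLE
mnt-by: EXAMPLE-B-MNT
mnt-by: EXAMPLE-A-MNT
"""

# Reference attributes named in the thread (assumed list, not the full schema).
REF_ATTRS = {"mnt-by", "admin-c", "tech-c", "zone-c", "abuse-c"}

def parse(text):
    """Split blank-line separated objects into lists of (attribute, value)."""
    return [[tuple(p.strip() for p in line.split(":", 1)) for line in block.splitlines()]
            for block in text.strip().split("\n\n")]

def key_of(obj):
    """Simplified primary key: nic-hdl if present, else the first attribute's value."""
    return dict(obj).get("nic-hdl", obj[0][1])

def denied_refs(text, key, authenticated):
    """References in object `key` that the authenticated maintainers may not make."""
    index = {key_of(o): o for o in parse(text)}
    denied = []
    for name, value in index[key]:
        target = index.get(value) if name in REF_ATTRS else None
        guards = {v for n, v in (target or []) if n == "mnt-ref"}
        # No mnt-ref on the target means the reference needs no authorisation.
        if guards and not guards & authenticated:
            denied.append((name, value))
    return denied
```

Calling denied_refs(SAMPLE, "192.0.2.0 - 192.0.2.255", {"EXAMPLE-B-MNT"}) reports the tech-c and mnt-by references to the two protected objects, while the reference to the person object without "mnt-ref:" passes.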

