On Wed, Oct 11, 2017 at 03:00:55PM +0100, Sascha Luck [ml] wrote:
On Wed, Oct 11, 2017 at 02:46:54PM +0100, Nick Hilliard via db-wg wrote:
Job Snijders wrote:
I think this touches upon an incredibly important question: how do we distinguish between garbage and properly authenticated "route:" objects covering RIPE-managed space?
and more to the point: are there good reasons and community support for continuing not to distinguish between the two.
Well, distinguishing in the irrdb is one thing, but how would you distinguish between them in RealLife(tm)? It's not like you can not route/accept a cross-RIR route: object (at least not without Breaking The Internet)
Some people may make a choice to ignore objects with source RIPE-NONAUTH, or some may let other sources have precedence over RIPE-NONAUTH. I can also imagine improvements to abuse handling systems which now know that they might need to take the route with a grain of salt. We'll see what innovation is possible!
Also, what would the distinguisher be for eg. a route: with prefix from RIPE and ASN from ARIN? RIPE-PARTIALLY-AUTHENTICATED?
Just "source: RIPE" - because it is authenticated following the chain from RIPE to inetnum holder to mnt-by/mnt-routes. That the ASN comes from ARIN (or wherever) is irrelevant, just like with RPKI. Kind regards, Job