Hi,
2. Protection against 'illegal' referecing. (Meaning "Hey UCD has a nice role for abuse, i reference this role in my inetnums as well") There we had a discussion in the context of the org object, putting a generalized machinery (mnt-ref, ref-nfy) in place. IMHO this _should_ be added (optional) to role/person anyway.
Do we need a new machinery for this? If a role or person object acquires a new inverse-key relationship, I would find it reasonable to alert the 'mnt-by:' and 'notify:' targets as a matter of course. I don't see the value in defining new attributes just to cover this.
Hmm, I'd prefer the protection from that to happen instead of: Bad Guy does something -> You hear from it -> You have to persuade the RIPE-NCC to do something against it (Because you can't do it yourself, since you do _not_ maintain the object where the reference is in). That machinery is not really new, since the DB-Folks are as I understood it Implementing that attribute-combination for the org-object as well. And then it is optional, so if you dont want real protection, you do not have to use it. lG uk -- Ulrich Kiermayr Zentraler Informatikdienst der Universitaet Wien Network - Security - ACOnet-CERT Universitaetsstrasse 7, 1010 Wien, AT eMail: ulrich.kiermayr@univie.ac.at Tel: (+43 1) 4277 / 14104 PGP Key-ID: 0xA8D764D8 Fax: (+43 1) 4277 / 9140