Re: [db-wg] re-evaluate route-object authorisation model
On 27 June 2015 at 09:17, Job Snijders <job@ntt.net> wrote:
On Sat, Jun 27, 2015 at 06:32:10AM +0200, George Michaelson wrote:
and note that, with one mouth, job has said that the ripe irr is the only one he will trust.
Unsure if i follow you exactly, but indeed, I only trust the RIPE IRR when it comes to RIPE managed space.
Why then, do you expect anyone to trust RIPE IRR for all the un-RIPE managed space which can be freely added, to permit RIPE managed space related objects to be made?
I don't recall expecting that? Did i in some earlier email forget to insert a criticial 'not' in a sentence or something?
So those route objects which refer to RIPE managed space, and non-RIPE managed space. Do you filter them out? The ones which have non-RIPE objects inserted? I thought you meant that if it was in the RIPE IRR you trusted it. I didn't realize you were performing a post-check on the origination of the referred elements in route and other objects. Sorry _G
Surely from a consistency point of view (and yes, its reductionist, but so is software) this means we shouldn't be trusting all the additional objects added 'for your convenience' under the open password maintainer?
Yes, the open password maintainer is a thorn in our side. Relevant to the discussion: https://ripe70.ripe.net/archives/video/132/ (Title is actually 'IRR Homing project')
If we're clear that a goal is to stop having it, and by implication stop having out-of-region data inserted into the RIPE IRR Thats good!
On Sat, Jun 27, 2015 at 02:35:20PM +0200, George Michaelson wrote:
On 27 June 2015 at 09:17, Job Snijders <job@ntt.net> wrote:
Why then, do you expect anyone to trust RIPE IRR for all the un-RIPE managed space which can be freely added, to permit RIPE managed space related objects to be made?
I don't recall expecting that? Did i in some earlier email forget to insert a criticial 'not' in a sentence or something?
So those route objects which refer to RIPE managed space, and non-RIPE managed space. Do you filter them out? The ones which have non-RIPE objects inserted?
I thought you meant that if it was in the RIPE IRR you trusted it. I didn't realize you were performing a post-check on the origination of the referred elements in route and other objects.
Maybe some forward looking statements caused confusion, there may be a discrepancy between what we have today in the database, what I have today deployed in the network, what I wish we had and where we are heading :-) I suggest we focus again on the topic at hand.
participants (2)
-
George Michaelson
-
Job Snijders