[routing-wg] Notification/authorisation of references to aut-num from other RPSL objects
- Previous message (by thread): [routing-wg] Notification/authorisation of references to aut-num from other RPSL objects
- Next message (by thread): [routing-wg] Notification/authorisation of references to aut-num from other RPSL objects
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Job Snijders
job at instituut.net
Tue Jun 10 13:25:32 CEST 2014
On Mon, Jun 09, 2014 at 04:11:35PM +0200, João Damas wrote: > On 09 Jun 2014, at 15:53, Hank Nussbacher <hank at efes.iucc.ac.il> > wrote: > > > On a related matter, is it possible currently to setup my aut-num > > that if anyone adds my autnum to their import/export/as-set objects > > I would receive a notification about it? Currently the "notify" > > field only informs me of changes to the specific aut-num, not people > > who reference my aut-num w/o my permission? > > > > If this is not feasible with the system today, would it be possible > > to add this feature? I'll explain the rationale: we have recently > > discovered that hostile aut-num's that intend to perform a BGP > > hijack, will add the victims aut-num to their routing policy or to > > their unsuspecting upstream. This policy is then picked up as > > legitimate and propogated. By having a "notify-on-policy" email > > address field, I would be able to quickly see who is planning on > > hijacking my IP ranges. > > This sounds like a reasonable thing to do to me. In fact, now that > this has been mentioned it does sound like an obvious thing and I > wonder what took the hostile aut-num’s so long to subvert the intent > of the those fields. I think some notification feature would be nice to have, but we need to figure out what and when we expect notifications. I propose we dub the attribute for nice alignment with existing attributes: notify-on-ref: <email-address> optional, multi-valued Questions: - do you want a notification each time an object is updated and has a reference to your object? - or do you only want notifications when a reference inititally is added to an object? (spares you a daily mailbomb for daily updated objects) - do you want a notification when the reference is removed from an object? - In what classes do you want to set a notify-on-ref attribute? (I think initially aut-num, as-set, rs-set) - do we want the notify-on-ref email addresses to be set to unread at ripe.net upon NRTM/ftp export? Regarding authorisation, for me requiring authorisation to reference a given object is a bridge too far at this point in time. Quite some operators automatically generate an autnum, route-sets & as-sets on a daily basis to reject their policy, and I don't see an easy way to make this a painless adventure. Let's first do notifications and based on those experiences look further. ok? Kind regards, Job
- Previous message (by thread): [routing-wg] Notification/authorisation of references to aut-num from other RPSL objects
- Next message (by thread): [routing-wg] Notification/authorisation of references to aut-num from other RPSL objects
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]