[routing-wg] Notification/authorisation of references to aut-num from other RPSL objects
- Previous message (by thread): [routing-wg] Notification/authorisation of references to aut-num from other RPSL objects
- Next message (by thread): [routing-wg] [address-policy-wg] Re-issue of reclaimed 16bit ASNs and modifications to references in routing policy to these resources
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Andreas Larsen
andreas.larsen at ip-only.se
Wed Jun 11 16:59:23 CEST 2014
> I propose we dub the attribute for nice alignment with existing > attributes: > > notify-on-ref: <email-address> optional, multi-valued > > Questions: > > - do you want a notification each time an object is updated and has > a reference to your object? > No > - or do you only want notifications when a reference inititally is > added to an object? (spares you a daily mailbomb for daily updated > objects) > Yes > - do you want a notification when the reference is removed from an > object? > Yes > - In what classes do you want to set a notify-on-ref attribute? (I > think initially aut-num, as-set, rs-set) > Agree > - do we want the notify-on-ref email addresses to be set to > unread at ripe.net upon NRTM/ftp export? Ok Andreas Larsen IP-Only AB | Postadress: 753 81 UPPSALA | Besöksadress Uppsala: S:t Persg 6 Besöksadress Stockholm: N Stationsg 69 | Vxl: +46 18 843 10 00 | Mobil +46 70 843 10 56 www.ip-only.se 10 jun 2014 kl. 13:25 skrev Job Snijders <job at instituut.net>: > On Mon, Jun 09, 2014 at 04:11:35PM +0200, João Damas wrote: >> On 09 Jun 2014, at 15:53, Hank Nussbacher <hank at efes.iucc.ac.il> >> wrote: >> >>> On a related matter, is it possible currently to setup my aut-num >>> that if anyone adds my autnum to their import/export/as-set objects >>> I would receive a notification about it? Currently the "notify" >>> field only informs me of changes to the specific aut-num, not people >>> who reference my aut-num w/o my permission? >>> >>> If this is not feasible with the system today, would it be possible >>> to add this feature? I'll explain the rationale: we have recently >>> discovered that hostile aut-num's that intend to perform a BGP >>> hijack, will add the victims aut-num to their routing policy or to >>> their unsuspecting upstream. This policy is then picked up as >>> legitimate and propogated. By having a "notify-on-policy" email >>> address field, I would be able to quickly see who is planning on >>> hijacking my IP ranges. >> >> This sounds like a reasonable thing to do to me. In fact, now that >> this has been mentioned it does sound like an obvious thing and I >> wonder what took the hostile aut-num’s so long to subvert the intent >> of the those fields. > > I think some notification feature would be nice to have, but we need to > figure out what and when we expect notifications. > > I propose we dub the attribute for nice alignment with existing > attributes: > > notify-on-ref: <email-address> optional, multi-valued > > Questions: > > - do you want a notification each time an object is updated and has > a reference to your object? > > - or do you only want notifications when a reference inititally is > added to an object? (spares you a daily mailbomb for daily updated > objects) > > - do you want a notification when the reference is removed from an > object? > > - In what classes do you want to set a notify-on-ref attribute? (I > think initially aut-num, as-set, rs-set) > > - do we want the notify-on-ref email addresses to be set to > unread at ripe.net upon NRTM/ftp export? > > Regarding authorisation, for me requiring authorisation to reference a > given object is a bridge too far at this point in time. Quite some > operators automatically generate an autnum, route-sets & as-sets on a > daily basis to reject their policy, and I don't see an easy way to make > this a painless adventure. Let's first do notifications and based on > those experiences look further. ok? > > Kind regards, > > Job >
- Previous message (by thread): [routing-wg] Notification/authorisation of references to aut-num from other RPSL objects
- Next message (by thread): [routing-wg] [address-policy-wg] Re-issue of reclaimed 16bit ASNs and modifications to references in routing policy to these resources
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]