On 28 Sep 2010, at 12:44, Ronald F. Guilmette wrote: [...]
I don't know how much they can be maliciously set/removed, I never try to. Leo certainly does. Does know, I mean. :-)
Yes, I'd really like to know about that. I do believe that in the case of the ARIN WHOIS records, it is ARIN itself that is setting the "RegDate:" and "Updated:" fields (which would tend to make those values reliable) but don't quote me on that, because I'm not completely sure. I just know that in prior cases when I've seen hijackings, and where it would have been very much to the hijacker's benefit to be able to fiddle those field values (to help to hide their crimes) the ARIN "RegDate:" and "Updated:" fields still do seem to have accurate info.
So, I gather that in the case of the RIPE Changed: fields, anybody can put anything they want in there (?) Including no date info at all?
If so, then that would be...ahh... how should I say it?... suboptimal.
As I understand it, only the RIPE NCC's staff can update the "changed:" attribute values for allocations. The ISP, though, can update the "changed:" attribute values for the assignments it makes. If you are only interested in the allocations made by the RIPE NCC to the ISP then you can trust the veracity of the information in the "changed:" lines. You'll recognise the object as an allocation because it will have lines like these:

    status: ALLOCATED PA

and

    mnt-by: RIPE-NCC-HM-MNT

HTH,
Leo
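The rule in the reply above, applied to RIPE-style whois text, as an added example that is not part of the original message: it marks an object's "changed:" dates as trusted only when the object carries both `status: ALLOCATED PA` and `mnt-by: RIPE-NCC-HM-MNT`, and it reports a "changed:" line with no date as `None`. The sample objects, netnames and the other maintainer name are constructed, and the "changed:" value is assumed to be an e-mail address followed by an optional YYYYMMDD date.

```python
import re

# Constructed sample objects (documentation prefix, made-up names and maintainers).
SAMPLE = """\
inetnum:  192.0.2.0 - 192.0.2.255
netname:  EXAMPLE-ALLOC
status:   ALLOCATED PA
mnt-by:   RIPE-NCC-HM-MNT
changed:  hostmaster@example.net 20050314

inetnum:  192.0.2.0 - 192.0.2.63
netname:  EXAMPLE-CUSTOMER
status:   ASSIGNED PA
mnt-by:   EXAMPLE-ISP-MNT
changed:  noc@example.org 20100901
changed:  noc@example.org
"""

def parse_objects(text):
    """Split whois text into objects, each a list of (attribute, value) pairs."""
    objects = []
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = []
        for line in block.splitlines():
            # Skip server comments, continuation lines and malformed lines.
            if line[:1] in " \t+%#" or ":" not in line:
                continue
            key, value = line.split(":", 1)
            attrs.append((key.strip().lower(), value.strip()))
        if attrs:
            objects.append(attrs)
    return objects

def values(obj, key):
    return [v for k, v in obj if k == key]

def is_ncc_allocation(obj):
    """Both markers named in the message: status and RIPE NCC maintainer."""
    mnts = {m.strip().upper() for v in values(obj, "mnt-by") for m in v.split(",")}
    return "ALLOCATED PA" in values(obj, "status") and "RIPE-NCC-HM-MNT" in mnts

def changed_report(text):
    """Map netname -> (trusted?, [date or None for each changed: line])."""
    report = {}
    for obj in parse_objects(text):
        dates = [(re.findall(r"\b\d{8}$", v) or [None])[0]
                 for v in values(obj, "changed")]
        report[values(obj, "netname")[0]] = (is_ncc_allocation(obj), dates)
    return report
```
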