-----Original Message----- From: Alex Band on Thursday, July 02, 2015 11:42 AM
Thanks for sharing your experiences George.
I'm curious to hear from our Community about what they think about this mode of operation; simply create the route object on the inetnum holder's authorisation alone, inform the ASN holder that it was created and only remove the object if they object.
It would simplify the authorisation model tremendously and save a lot of frustration and customer support tickets.
Seeing that APNIC has positive experiences, would our Community support such an approach considering the up and downsides?
We definitely would support this simplified authorization method. Our primary concern is that it would make polluting the database even easier which might be abuse e.g. to attack (DoS) filter generation tools/access list memory limits. But as this could be done with the current database anyway, we don't think it will be a problem. The big advantage we see is that it would make the creation of route objects with inetnum/origin combinations from different RIRs easier. Once more RIRs adopt this simple authorization model access to their address space via RIPE-NCC-RPSL-MNT should be prevented. That would improve security in the long run. Best Regards, Frederik Kriewitz NYNEX satellite OHG