Menno Pieters (Stelvio) wrote:
To elaborate on that, the complications for creating an IRT object are: - You need a maintainer for an IRT object (which is not required for an extra attribute or a person/role object); - Strong authentication from both the IRT and the LIR is required to link an IRT object to the inet[6]num object.
The reasons to do it this way is to prevent that the IRT mentioned in the IRT object gets complaints about abuse made form IP ranges that they are not responsible for, simply because "Evil Company" put the e-mail address of the IRT in its inet[6]num object (or as Daniel Karrenberg suggested in on of the maintainer objects protecting the object).
So both the IRT and the LIR (even if they are in the same room or just next door), must agree. In a small organisation it is possible that it's the same (group of) person(s), using the same PGP key and the problem is void, because the request needs to be signed only once.
I have never understood what this gives you. If "Evil Company" wants to misdirect abuse reports (why?) they can circumvent this by making a fake IRT object with IRT XYZ as the contact email address. John Green JANET-CERT