Hi Job From: Job Snijders via db-wg <db-wg@ripe.net> To: Lu Heng <h.lu@anytimechinese.com> Cc: Database WG <db-wg@ripe.net> Sent: Wednesday, 13 June 2018, 12:52 Subject: Re: [db-wg] A test on AFRINIC range announcing without RIPE route object
In conclusion, If you employ a non-Afrinic asn for announcements (which means a foreign asn), using RIPE’s route object will be the only choice for you unless you are one of those big telecoms which has the liberty to announce anything as they wish.
This is not correct, you can also use RADB, NTTCOM, LEVEL3, or ALTDB, etc. RIPE is/was not an exclusive provider for this type of service.
(wearing my devil's advocate hat)... So are you saying all these other databases offer the same service with the same security risk that we are about to remove from the RIPE Database? None of these databases have any authorisation link to any of the RIR's address registries. So can anyone create bogus ROUTE objects in these databases for any address space? Suggesting that people can use these databases implies that their contents are taken seriously, including any bogus ROUTE objects. So by closing down this service in the RIPE Database are we solving a problem (closing a security hole) or just moving the problem somewhere else? Ideally all 5 RIRs should operate an IRR with authorisation linked to the address registrations and not required from any ASN. Then we would have a place to put ROUTE objects that can be trusted. cheersdenisco-chair DB-WG