Hi Jeroen, Im sure that creating an IRT object is doable for any ISP which takes the time. The reason why I do not wish to use IRT is that it is much too complex for the very simple purpose it should have. It seems to have been designed to be used for outsourcing of abuse-handling, Im sure some ISP's do this but I haven't yet seen any numbers which justifies a design which primarily favors these ISP's. Remove the encryption-thing on the IRT object and let it be maintained by a maintainer object, then Im sure more ISP's would be willing to implement it, but for it to become a success I still believe the designers need to pay attention to the needs of those ISP's who have no use for the current version. I think its very unfortunate that the Ripe DB doesn't have abuse information on all IP addresses, that should actually be the primary goal for a public IP database, at least from the Internet users perspective. Med venlig hilsen/Best regards Christian Rasmussen Hosting manager, jay.net a/s Smedeland 32, 2600 Glostrup, Denmark Email: noc@jay.net Personal email: chr@corp.jay.net Tlf./Phone: +45 3336 6300, Fax: +45 3336 6301 Produkter / Products: http://hosting.jay.net
-----Original Message----- From: db-wg-admin@ripe.net [mailto:db-wg-admin@ripe.net]On Behalf Of Jeroen Massar Sent: 16. marts 2004 02:53 To: db-wg@ripe.net Subject: [db-wg] IRT object creation is easy
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi,
For the sake of promotion of the IRT object and for checking out if it really is easy creating it I requested an IRT object from RIPE, who have assigned it without much problems. The main problem was me not filling the form in correctly and after that being so stupid not having added the correct PGP key *whistle* and indeed it won't authenticate if the mnt-irt authentication is not satisified, thus that part is now also succesfully tested.
Anyhow, it *is* easy getting it and if we (SixXS) can get it, then any ISP should be able to get it. Almost all the inet6nums assigned to the SixXS project now have a mnt-irt on their /40's, the other POPs will follow. Thus I can now say that:
$ lftp ftp://ftp.ripe.net/ripe/dbase/split $ ls - -rw-r--r-- 1 ftpuser ftpgroup 176490 Mar 16 01:42 ripe.db.inet6num.gz $ get ripe.db.inet6num.gz $ gunzip ripe.db.inet6num.gz $ grep -cE inet6num ripe.db.inet6num 4206 $ grep -cE "mnt-by:.*SIXXS-MNT" ripe.db.inet6num 1872
1872/4206*100% ~= 44.50% of the inet6num's is now protected by the IRT-SIXXS object by adding about 10 mnt-irt attributes to 10 different objects.
$ grep -c "mnt-irt:" ripe.db.inet6num ripe.db.inet6num 102
Add 6 to that at the moment, as the updated objects are not in this splitted file yet.
For that matter, there are also other ISP's adding mnt's:
$ cat ripe.db.inet6num |grep -E mnt-irt | sort | uniq -c 21 mnt-irt: IRT-AA 1 mnt-irt: IRT-ACOnet-CERT 49 mnt-irt: IRT-DFN-CERT 5 mnt-irt: IRT-ITGATE 2 mnt-irt: IRT-SPEEDKOM1 1 mnt-irt: IRT-UK 23 mnt-irt: irt-CERT-NL
It would also be quite fast to deploy more mnt-irt's by making the field mandatory for new allocations forcing ISP's to make use of the object.
Because of the above I don't see a reason for a abuse-c or similar object. If there is a need for adding things like 'spam' or 'ddos' etc then these should be added to the IRT object and not to a new one.
Now everybody go request an IRT object and get it over with. In total it will probably cost you a max of 2 hours and I think that can be really worth it as when it is being used we can then tell abuse tool writers where to look.
Handy docs: http://www.ripe.net/ripe/meetings/ripe-47/presentations/ripe47-db-irt.pdf http://www.ripe.net/ripe/docs/irt-object.html
Greets, Jeroen
-----BEGIN PGP SIGNATURE----- Version: Unfix PGP for Outlook Comment: Jeroen Massar / http://unfix.org/~jeroen/
iQBGBAERAgAQCRApqihSMz58IwUCQFZd8QAAxRMAn22KiziDgieySrdDQele+peb DXCPAJ9FwYSfaZy9XeU3SPK0gqkYM2a5LA== =ZDFN -----END PGP SIGNATURE-----