On Fri, Nov 14, 2014 at 11:16:21PM +0100, Piotr Strzyzewski wrote:
On Fri, Nov 14, 2014 at 11:12:44PM +0100, Job Snijders wrote:
On Fri, Nov 14, 2014 at 11:00:03PM +0100, Piotr Strzyzewski wrote:
Would it be an idea to prevent objects from being updated/created when they carry a "mnt-by: RIPE-NCC-RPSL-MNT" attribute?
What about delete?
We cannot delete these objects, that would wipe out a large portion of routing information regarding Africa. That is not acceptable. I solely mean to reject the update/creation of an object if it contains this line:
mnt-by: RIPE-NCC-RPSL-MNT
Because the above line is a security risk for the object, everybody knows the password for RIPE-NCC-RPSL-MNT.
I have been misunderstood. What about extending the protection to covers also the inability of deletion?
You mean that mntner 'RIPE-NCC-RPSL-MNT' cannot delete objects? That sounds good as well. Kind regards, Job