HI All

From some comments I have received it seems I did not make my alternative clear. Let me try again.

The basic idea is to use notifications/responses to obtain valid authorisation for ROUTE object creation involving non RIPE resources.

When a ROUTE object creation is received by the RIPE Database involving non RIPE resources it is held pending approval. Notifications are sent to the contacts for the non RIPE resource(s). They need to approve the creation otherwise the creation request is rejected by the database.

90% of the software needed for this already exists in the database code base (sending notifications and holding ROUTE object creations pending approval). The other 10% is finding the contacts for a resource in an RIR database and handling the returned approvals from the notifications to trigger the final object creation).

Once implemented all existing ROUTE objects involving non RIPE resources could be retrospectively re-created using this mechanism, effectively deleting any that were not approved.

No copies of AUT-NUM objects are required in the RIPE Database for this to work (so they can all be deleted) and no public passwords are needed. However it does rely on contact details being up to date in resources in other RIR databases (which of course they are).

This alternative is independent of any decision to keep/drop auth requirement for ASN holder. If this requirement is dropped, I suggest sending a notification to originating ASN holder for any ROUTE object creation informing them of its creation as an FYI.

This is a quick and simple alternative, using old fashioned technology. But I believe it could be implemented and deployed very quickly by the RIPE NCC. That would make all ROUTE objects in the RIPE Database properly authorised by resource holders and trusted. It also allows all duplicated AUT-NUM objects to be deleted and no need for public passwords. This could be deployed as an interim solution while neater, modern technology solutions are being considered and developed.

cheers
denis


On 13/05/2015 17:32, denis wrote:


On 13/05/2015 17:24, Robert Kisteleki wrote:
On 2015-05-13 11:24, Job Snijders wrote:


Yesterday during the birds of a feather session about "cross-registry
authorisation" the idea to relax the authorisation requirements for
route-object creation was brought up (again). I ask this group to further
explore.

To be fair, there were a total of four alternatives presented, of which the
above was one. I had the feeling in the room that all alternatives had
supporters as well as opposers. Maybe it'd be fair to explore the other
alternatives at the same depth as well?

Including my fifth alternative....

cheers
denis

Cheers,
Robert