Hi,

On Tue, Aug 20, 2024 at 01:11:40PM +0100, Nick Hilliard wrote:
I think this is something that can be improved. I suggest implementing the option to force-delete a route(6) object as ASN resource holder. This saves both the resource holder and RIPE NCC valuable time.
Wessel Sandkuijl wrote on 20/08/2024 12:51:
there's definitely an issue here, but I wonder if the authorisation model is opened up a bit, whether that would open up a can of worms (e.g. if you can auth a delete, why shouldn't you be able to auth a create?).

Well, "auth a create" opens the door to hijacks.

"auth a delete" would possibly open the door to a DoS attack if a legitimate route: object is deleted - but then, such an object would usually be a customer, so why would you do that?

I'm not seeing anything obvious how to abuse force-delete route/route6: objects in this scenario, but my imagination is limited.

Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?

SpaceNet AG
Vorstand: Sebastian v. Bomhard, Ingo Lalla, Karin Schuler, Sebastian Cler
Aufsichtsratsvors.: A. Grundner-Culemann
Joseph-Dollinger-Bogen 14
D-80807 Muenchen
HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444
USt-IdNr.: DE813185279