Hello Stavros,

Thanks for writing the problem definition. One comment:

On 13 Nov 2020, at 21:58, Stavros Konstantaras via db-wg <db-wg@ripe.net> wrote:
• It provides plain text/unencrypted transport of data

My main concern here isn’t actually the lack of encryption: it’s the lack of authentication. Mirroring between IRRs is currently based on opening a TCP socket to some IP and then completely trusting whatever you get. Which in turn is used to configure routing policy. There is zero verification on whether the data is authentic and from the source you meant to get it from.

Encryption is a lesser concern for me, because IRR data is usually public already, but we should include it. Anything that has a TLS layer could satisfy both of these, so it’s not really a hard problem.

Sasha