My apologies for a silly typo that Rob pointed out to me :-( Of course one of the lines shoukd read: - to effectively make a (subset) of a P*A* block usable as PI instead of: - to effectively make a (subset) of a P*I* block usable as PI I am sorry, -WW -------- Original Message -------- Subject: [routing-wg]Re: AW: [db-wg] Call for agenda items, DB-WG Meeting during RIPE53, Amsterdam Date: Thu, 14 Sep 2006 20:31:40 +0000 From: Wilfried Woeber, UniVie/ACOnet <Woeber@CC.UniVie.ac.at> Reply-To: Woeber@CC.UniVie.ac.at Organization: UniVie - ACOnet To: Rob Evans <rhe@nosc.ja.net> CC: wh@germany.com, routing-wg@ripe.net References: <PEEBJDDFEIDDDHIDOBKCEEJCFFAA.wh@germany.com> <4509AE72.2020508@CC.UniVie.ac.at> <4509B750.1020407@nosc.ja.net> Rob Evans wrote: [...]

1) A quick call for help in editing the document to create a proposal.

2) If we've got a draft of a proposal by then, discussion on it.

[ NOT waering my DB-WG Chair hat right now, just my Security Team Member's hat ] Any such document should be very clear and broad in describing the potential security and/or operational impacts and risks incurred by relaxing the established rules. (IRR Sanity and filter Configuration Tools) Some stuff that occurs to me immediately is - impact on ability to use (own or hi-jacked) IP-Address-Blocks for Spam-Runs, - to get address blocks routed differently for the duration of DoS Attacks, - to impede connectivity tracking mechanisms for Phishing Sites - to punch more specific holes into a PA Block - to claim customer relationship without a contract in place - to effectively make a (subset) of a PI block usable as PI - to cheat with eXchange Point Access Policy Requirements - to ....

Either way, we need to have someone willing to talk and an idea of how long you want to talk for! :-)

All the best, Rob

Another bout of CERT Paranoia maybe, yours, Wilfried.