On Wed, Jun 13, 2018 at 12:39:49PM +0100, Sascha Luck [ml] via db-wg wrote: > On Wed, Jun 13, 2018 at 11:11:09AM +0000, Job Snijders via db-wg wrote: > > I am sympathetic, but RIPE has no obligation to keep a glaring > > security hole open to accommodate another RIR's lack of expedience. > > There was a time when it would have been seen as the obligation of any > RIR to keep the internet running as smoothly as possible. This boat > seems to have sailed and not just in an internet context.This > paradigm shift mirrors one in general society as well, where it has > become acceptable to cause any amount of pain and inconvenience to the > general population in the name of 'security'...
The above would be true if there was no alternatives and RIPE NCC was the exclusive provider of this registration service. However, as I pointed out before you can simply register your routes in other IRRs. > Secondly, there is an unintended consequence to this, namely that, if > you make it impossible for a segment of resource holders to register > their routes properly, some transit providers and IXPs will have no > choice but to accept their advertisements anyway without any filter. > How that improves 'security', I don't know. As pointed out, it is not impossible. > IMO such actions should be delayed until there is a mechanism for > every resource holder to register their advertisements properly, no > matter where they are. Presumably this is something the RIRs > themselves could be pushing as they are coordinating among themselves > and with ICANN anyway. Such a mechanism already exists. There is the RPKI registration system and there are multiple IRR systems. Kind regards, Job
