* Sander Steffann
For reference, when creating an RPKI ROA the address space holder can also create ROAs with ASN
without the ASN holder's permission. I always read route(6) and ROA data as "the address space
holder permits this ASN to announce its space" and realise that the ASN holder might not even
be aware of being given this permission. And there is indeed no way to indicate "I don't want
to be given this permission" in either DB or RPKI. My view may also be different from other's.
I understand that from a "keep the database clean" point of view it is
annoying. Whether this is an actual (operational) problem has been argued both ways in
the past, and I haven't seen any consensus. I'd love to see a discussion on that here.
One potential operational problems is relating to the construction of
eBGP prefix filters.
Say you and I peer, and you use an automated system to periodically
generate and load prefix filters into your routers based on route6
objects in the RIPE database with origin:AS<tore>.
Now some third party comes along and maliciously or accidentally creates
half a million route6 objects for every /48 in their /29 allocation
using origin:AS<tore>. Now what happens?
Tore
-----
To unsubscribe from this mailing list or change your subscription options,
please visit: https://mailman.ripe.net/mailman3/lists/db-wg.ripe.net/
As we have migrated to Mailman 3, you will need to create an account with the email matching your subscription before you can change your settings.
More details at: https://www.ripe.net/membership/mail/mailman-3-migration/
