[88292] in North American Network Operators' Group
Re: So -- what did happen to Panix?
daemon@ATHENA.MIT.EDU (Patrick W. Gilmore)
Fri Jan 27 13:21:38 2006
In-Reply-To: <F8F31984-A090-4647-B814-35858AC02DD6@isc.org>
Cc: "Patrick W. Gilmore" <patrick@ianai.net>
From: "Patrick W. Gilmore" <patrick@ianai.net>
Date: Fri, 27 Jan 2006 13:21:02 -0500
To: nanog@merit.edu
Errors-To: owner-nanog@merit.edu

On Jan 27, 2006, at 12:57 PM, Joe Abley wrote:

> On 27-Jan-2006, at 11:54, Patrick W. Gilmore wrote:
>> On Jan 27, 2006, at 8:29 AM, Michael.Dillon@btradianz.com wrote:
>>
>>>> seems to me that certified validation of prefix ownership and as
>>>> path are the only real way out of these problems that does not
>>>> teach us the 42 reasons we use a *dynamic* protocol.
>>>
>>> Wouldn't a well-operated network of IRRs used by 95% of
>>> network operators be able to meet all three of your
>>> requirements?
>>
>> Maybe I missed something, but didn't Verio say the prefix was in
>> their internal registry, and that's why it was accepted.
>
> Perhaps by "well-operated", Michael was referring to something like
> the hierarchical authentication scheme used by the RIPE database,
> which ultimately provides access control for route objects using
> RIR allocation/assignment data?

Yet it can still have stale data.

That said, if there were a centralized store for such information and
"you" were in charge of "your" objects, then the only person to blame
when "your" prefix was incorrectly accepted would be "you". (We're
talking things like accidental origination here, not malicious
attempts to go around safeguards.)

Put more concretely, Panix would have no one to blame but themselves
if Verio accepted a prefix because it was properly registered in the DB.

This, IMHO, would be a Good Thing.

Not a panacea, but a Good Thing. And would avoid some very long
threads on NANOG (which is also a Good Thing :).

--
TTFN,
patrick