AltDB?

Randy Bush randy at psg.com
Sun Jan 9 03:23:20 UTC 2011


> I at least think that whatever future and time-table is planned for
> RPKI, this should not stand in the way of ARIN offering an effective
> authentication mechanism for the ARIN IRR.
> ...
> I really do wonder what ARIN's plan is if a bad guy decides to forge
> emails and delete or modify some or all of the objects.

my guess is do their best to try to see who has the right data.  as arin
seems to be driven by fud, policy wannbes, and lawyer(s), this might be
complex, slow, and expensive.  so it goes.

but, unlike the other regions, the arin.irr is not confuddled with the
arin.whois.  i.e. it is kind of irrelevant to the authority on resource
ownership, arin's real responsibility.

they are just providing a free irr service, as it is the popular thing
for rirs to do these years.  and i don't think many use it.  if you
don't like its weak authentication, then don't use it, there are plenty
of alternatives, e.g. see $subject.

i agree that running an irr instance with only mail-from is pretty lame.
and there is good free software out there to do it well if you do not
suffer from nih.

so i would advise putting it late in your peval() string.

randy, who runs an irr instance using irrd




More information about the NANOG mailing list