LoA (Letter of Authorization) for Prefix Filter Modification?

Stephen Sprunk stephen at sprunk.org
Thu Sep 18 12:02:15 CDT 2008


Azinger, Marla wrote:
> I use RWHOIS for proof of who we assign and allocate address space to.  I dont believe an LOA is any more valid or secure than my RWHOIS data base that I keep and update on a daily basis.  In this case I find it a waste of time when people ask me for LOA's when they can verify the info on my RWHOIS site.  And I point these people to my RWHOIS site when they ask for LOA as opposed to wasting my time on creating paperwork. However, if you dont have something like that set up, then I do see the value in people asking for LOA and thus helping to ensure address space isnt getting hijacked.
>   

How is _you_ showing information in an RWHOIS server that _you_ control 
in any way proving that the holder of a address block is authorizing 
_you_ to advertise it on their behalf?  It is not unreasonable for your 
upstreams to ask for some proof _from the holder_ rather than simply 
trusting you.  For all they know, you're just hijacking random address 
space and putting it in your RWHOIS server.

Would you be happy if some random Tier 1 started letting _their_ 
customers advertise _your_ address space, just because those customers 
had put up an RWHOIS server claiming it was theirs?

This is not about asking you for an LoA for your own address space, 
which any moron can follow in a reasonably trustworthy chain from ARIN 
to you.  It's about address space that is _not_ directly registered to 
the company trying to get a filter exception.

S




More information about the NANOG mailing list