LoA (Letter of Authorization) for Prefix Filter Modification?
stephen at sprunk.org
Thu Sep 18 12:02:15 CDT 2008
Azinger, Marla wrote:
> I use RWHOIS for proof of who we assign and allocate address space to. I dont believe an LOA is any more valid or secure than my RWHOIS data base that I keep and update on a daily basis. In this case I find it a waste of time when people ask me for LOA's when they can verify the info on my RWHOIS site. And I point these people to my RWHOIS site when they ask for LOA as opposed to wasting my time on creating paperwork. However, if you dont have something like that set up, then I do see the value in people asking for LOA and thus helping to ensure address space isnt getting hijacked.
How is _you_ showing information in an RWHOIS server that _you_ control
in any way proving that the holder of a address block is authorizing
_you_ to advertise it on their behalf? It is not unreasonable for your
upstreams to ask for some proof _from the holder_ rather than simply
trusting you. For all they know, you're just hijacking random address
space and putting it in your RWHOIS server.
Would you be happy if some random Tier 1 started letting _their_
customers advertise _your_ address space, just because those customers
had put up an RWHOIS server claiming it was theirs?
This is not about asking you for an LoA for your own address space,
which any moron can follow in a reasonably trustworthy chain from ARIN
to you. It's about address space that is _not_ directly registered to
the company trying to get a filter exception.
More information about the NANOG