Questions about IRR best practices

• Previous message (by thread): Questions about IRR best practices
• Next message (by thread): Questions about IRR best practices
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Nov 12, 2021 at 9:56 PM George Michaelson <ggm at algebras.org> wrote:

> Wouldn't it be cool if we had a cryptographic mechanism to sign an
> authority to the IRR publisher to eject old data.
>
> Some way you could prove you have control of the asset, and the  let the
> RADB people know you repudiated some old data, made under somebody else's
> authority which you can't remove directly, even though it's probably stale.
>
> Something like a PKI tagged with your addresses and/or ASN.
>
>>
>>
That only helps with wrong origin IRR records. While this is the case at
hand, a lot of proxy objects have correct origin attributes,  and are just
managed by the wrong person.

That said, TC IRR is currently using RPKI validation and the curious result
is that most RPKI-triggered removals are objects sent by the own AS, but
with a more specific prefix that what's published in RPKI.

Rubens
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20211112/b8fbc2aa/attachment.html>

• Previous message (by thread): Questions about IRR best practices
• Next message (by thread): Questions about IRR best practices
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]