Questions about IRR best practices

• Previous message (by thread): Questions about IRR best practices
• Next message (by thread): Questions about IRR best practices
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Well, if you use a ROA as your only signed object, then yes. But really I
was hinting at RTA or RSC: use the mechanism to countersign an instruction
to RADB or any other IRR specifically about the RPSL you want to eject.

Not "because ROA do this" but "do this specific thing I command because I
control the assets"

G

On Sat, 13 Nov 2021, 11:18 am Rubens Kuhl, <rubensk at gmail.com> wrote:

>
>
> On Fri, Nov 12, 2021 at 9:56 PM George Michaelson <ggm at algebras.org>
> wrote:
>
>> Wouldn't it be cool if we had a cryptographic mechanism to sign an
>> authority to the IRR publisher to eject old data.
>>
>> Some way you could prove you have control of the asset, and the  let the
>> RADB people know you repudiated some old data, made under somebody else's
>> authority which you can't remove directly, even though it's probably stale.
>>
>> Something like a PKI tagged with your addresses and/or ASN.
>>
>>>
>>>
> That only helps with wrong origin IRR records. While this is the case at
> hand, a lot of proxy objects have correct origin attributes,  and are just
> managed by the wrong person.
>
> That said, TC IRR is currently using RPKI validation and the curious
> result is that most RPKI-triggered removals are objects sent by the own AS,
> but with a more specific prefix that what's published in RPKI.
>
> Rubens
>
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20211113/7c0c8b76/attachment.html>

• Previous message (by thread): Questions about IRR best practices
• Next message (by thread): Questions about IRR best practices
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]