On Monday, Jun 9, 2003, at 12:53 Canada/Eastern, jlewis@lewis.org wrote:
Since the RIRs contain the information required to answer those questions, you'd expect them (or their data) to be involved in the process of answering them.
They really don't. Thus far, when space is assigned, the RIRs have no way to later authenticate that an organization using the space is the same one that they assigned it to.
The RIRs definitely hold some of the data that would be required to make educated pronouncements (although clearly not all of it). Note that I'm not talking about absolute accuracy here; as long as people are able to change companies, change their names, die, forge documentation and otherwise lie, there will always be fraud. What is needed is some trusted resource who can say "our best guess is that this is legitimate". At the moment there is no clear procedure for any ISP to follow to even get a best guess as to whether an advertisement should be accepted or not.
As for the current state of BGP authentication/sanity checking, I can say 2 of my 4 upstreams take whatever I put in the routing registry.
I have met people who think that the existence of a route in the IRR is somehow demonstrable evidence that a route should be accepted. I'm not quite sure why they think that way. Joe