On Monday, August 25, 2003, at 07:32 PM, Jared Mauch wrote:
You of course are correct with the trusting of the data, but we are in somewhat of a chicken and egg situation. If people don't trust the IRR, they don't filter on it, and then the data is allowed to get out of date. But people who maliciously add bogus (or excessive route objects for example) are easy to track down. This is what the maintainer objects are for and why the IRR software keeps logs of the messages (including headers) that are submitted.
I fully agree with the cart/horse chicken/egg analogy. If SPs began employing IRRs more fully and more work went into commercialization of IRR infrastructure and tools (and perhaps some RIR feedback loop were created) they'd improve. Instead, folks are running about designing new protocols far more complex than BGP already is, that *still* require some "authority". When in reality, 99% of the vulnerabilities could have been solved with what was in place 10 years ago. Folks are striving for "perfect security", which is fine, but they've ignored the reasons why we don't even have "crappy" security.

-danny