-
Notifications
You must be signed in to change notification settings - Fork 50
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Extended RPSL set name validation and authentication #575
Comments
mxsasha
added a commit
that referenced
this issue
Nov 2, 2021
mxsasha
added a commit
that referenced
this issue
Nov 2, 2021
mxsasha
added a commit
that referenced
this issue
Nov 2, 2021
mxsasha
added a commit
that referenced
this issue
Nov 4, 2021
mxsasha
added a commit
that referenced
this issue
Nov 4, 2021
mxsasha
added a commit
that referenced
this issue
Nov 9, 2021
10 tasks
mxsasha
added a commit
that referenced
this issue
Nov 9, 2021
mxsasha
added a commit
that referenced
this issue
Nov 9, 2021
mxsasha
added a commit
that referenced
this issue
Nov 9, 2021
mxsasha
added a commit
that referenced
this issue
Nov 9, 2021
mxsasha
added a commit
that referenced
this issue
Nov 24, 2021
mxsasha
added a commit
that referenced
this issue
Nov 24, 2021
mxsasha
added a commit
that referenced
this issue
Dec 18, 2021
mxsasha
added a commit
that referenced
this issue
Dec 18, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Creation of RPSL set objects, as-set, filter-set, peering-set, route-set and rtr-set, currently has few authentication restrictions. If a user has access to any mntner, they can create new sets. For as-set there is a requirement for the first element to be an AS number, e.g. “AS65537:AS-EXAMPLE” when creating new objects as of IRRD 4.2, though this can be disabled.
The plan for this issue is to extend IRRD with new possible requirements for each set type:
Per set type (as-set, filter-set, etc.) a setting will be added for one of the following:
exist, but if it does IRRD must validate).
In all settings, existing objects can still be modified and deleted, because they may be referenced from other objects from RADB or other IRRs. Forcing a name change to modify existing objects would therefore be a high burden on users.
When modifying or deleting existing set objects, authentication only needs to pass on at least one method on at least one mnt-by on the set object itself, i.e. aut-num authorisation is only required when creating a set object.
The text was updated successfully, but these errors were encountered: