Hi, > In a lot of this dialogue, many say, "you should prefix filter". > However, I'm not seeing how an ISP could easily adopt such filtering. > > Let's consider the options: [..]
> a) only RIPE IRR uses a sensible security model [1], so if you use > others, basically anyone can add route objects to the registry. > How exactly would this model be useful? [..] > So, this is no excuse for not doing prefix filtering if you only do > business in the RIPE region, but anywhere else the IRR data is pretty > much useless, incorrect, or both. this is all true and leads us to the question why ARIN, for example, DOESNT USE A SENSIBLE SECURITY MODEL?!!!! Actually i asking this myself for a couple of years. IMHO ARIN _should_ either improve their RR software or, better, use the RIPE DB software so ISPS can build prefix-filters for the ARIN region. So: Why dont they do it?!!! Arnd
