[ppml] CIDR support for whois.arin.net / merging whois with rr data?

sandy at tislabs.com sandy at tislabs.com
Fri Sep 15 08:12:36 EDT 2006


Bill Woodcock said:

>The IRR whois contains only non-authoritative data, either submitted
>directly, submitted through third parties, mirrored from sites which
>received it directly, or mirrored from sites which received it from third
>parties.
>
>If one's interested in the chain of responsibility backing up the veracity
>of the data, these things are of some interest.

Three somewhat orthogonal comments:

The directly submitted data for resources for which ARIN is authoritative
can be validated.  And as I understand it, ARIN *does* check for number
resource objects being registered to be sure that the registrant is
the same as the POC for the corresponding whois record.  So some
authorization is possible.

As I understand it, the route objects are not subjected to the same
validity check, although it should be possible for ARIN to check that the
registrant is the same as the POC for the corresponding whois record
for the address.  There's an RFC that talks about security for rpsl
databases and objects (RFC2725, RPSS) that says a route object should
be validated against BOTH the address and AS maintainers.  A I understand
it, RIPE implements this check in their database.

If ARIN does validate (some) submissions, but receives other submissions
from other sources, it seems worthwhile to flag that difference in
the object.  Something to say whether or not ARIN validated the source.

--Sandy



More information about the ARIN-PPML mailing list