North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: LoA (Letter of Authorization) for Prefix Filter Modification?

  • From: Stephen Sprunk
  • Date: Thu Sep 18 13:02:25 2008

Azinger, Marla wrote:
I use RWHOIS for proof of who we assign and allocate address space to. I dont believe an LOA is any more valid or secure than my RWHOIS data base that I keep and update on a daily basis. In this case I find it a waste of time when people ask me for LOA's when they can verify the info on my RWHOIS site. And I point these people to my RWHOIS site when they ask for LOA as opposed to wasting my time on creating paperwork. However, if you dont have something like that set up, then I do see the value in people asking for LOA and thus helping to ensure address space isnt getting hijacked.

How is _you_ showing information in an RWHOIS server that _you_ control in any way proving that the holder of a address block is authorizing _you_ to advertise it on their behalf? It is not unreasonable for your upstreams to ask for some proof _from the holder_ rather than simply trusting you. For all they know, you're just hijacking random address space and putting it in your RWHOIS server.


Would you be happy if some random Tier 1 started letting _their_ customers advertise _your_ address space, just because those customers had put up an RWHOIS server claiming it was theirs?

This is not about asking you for an LoA for your own address space, which any moron can follow in a reasonably trustworthy chain from ARIN to you. It's about address space that is _not_ directly registered to the company trying to get a filter exception.

S