problem with 6bone whois db and mnt-lower

Bob Fink fink@es.net
Sat, 20 Oct 2001 08:16:16 -0700


Petr,

I think this may start from the fact that the 3FFE::/16 inet6num object is 
not protected by mnt-lower to allow folks to set up and maintain their own 
pTLA entries (/24, /28) under it. If I didn't do that (I discussed this 
with David Kessens when we originally started out the 3FFE space) I would 
forever be maintaining all of these entries.

However, I don't know if this then affects the ability to protect space 
below that with mnt-lower.

There has been no intentional abuse of the database to date and we want to 
encourage 6bone participants to use it by keeping it non-complicated and 
not requiring admin staff to support it.

Have forwarded this to David Kessens to answer further, and maybe give some 
more of the philosophy on this.


Bob

===
At 03:37 PM 10/20/2001 +0200, Petr Baudis wrote:
>Hi,
>
>in http://www.6bone.net/RIPE-registry.html it is said that:
>"mnt-lower ... pointer to maintainer object which describes who is allowed to
>*create* objects for SLAs part of the 'inet6num:' object" and
>"You can protect against people creating (only creating) objects direct (one
>level) below in the hierarchy of an object type (only for 'inet6num:/domain:'
>objects) by using your maintainer in a 'mnt-lower:' attribute. The
>authorization method of this maintainer object will then be used upon creation
>of any object direct below the object that contains the 'mnt-lower:'
>attribute."
>
>We wanted to use this feature, however, it seems it is not working
>unfortunately.  We created 3ffe:80ee::/32 inet6num with mnt-lower: NEXTRA-MNT
>attribute. Then, we created 3ffe:80ee::/64 inet6num with different mnt-by
>attribute (PB-6BONE) without any problems, which should NOT be allowed, as we
>understand the specification. We also tried 3ffe:80ee::/33, for the case we
>understood the 'one level' in a wrong way, with no problems at all too.
>
>This means that anyone can create inet6num object anywhere, we think, which
>doesn't look very well. We want to restrict creation of inet6num objects in
>this range, as we want to handle them ourselves on our own whois server, for
>many technical reasons.
>
>Can anyone please enlighten us or fix the problem in whois6d, if there exists
>any?
>
>Thanks in advance,
>
>--
>
>                                 Petr "Pasky" Baudis
>.                                                                       .
>Real Users hate Real Programmers.
>Error in /home/tokra/.muttrc, line 145: previous-undead: no such function 
>in map
>.                                                                       .
>Public PGP key, geekcode and stuff: http://pasky.ji.cz/~pasky/
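
A model of the creation check that the quoted RIPE-registry text describes, as an added example that is not part of the original messages and is not whois6d code. It uses the objects named in the thread; treating an object without mnt-lower as open for creation is an assumption drawn from the description of 3FFE::/16 above, and the function names and the 3ffe:1200::/24 prefix are constructed.

```python
import ipaddress

# Constructed registry: inet6num prefix -> its mnt-lower maintainers.
REGISTRY = {
    "3ffe::/16": [],                    # no mnt-lower, so pTLA creation is open
    "3ffe:80ee::/32": ["NEXTRA-MNT"],   # protected as in the quoted report
}

def closest_parent(registry, new_prefix):
    """Return the key of the most specific object strictly containing new_prefix."""
    new = ipaddress.ip_network(new_prefix)
    best_key, best_len = None, -1
    for key in registry:
        net = ipaddress.ip_network(key)
        # Strictly less specific and covering the new prefix.
        if net.prefixlen < new.prefixlen and new.subnet_of(net):
            if net.prefixlen > best_len:
                best_key, best_len = key, net.prefixlen
    return best_key

def may_create(registry, new_prefix, authenticated_as):
    """Apply the mnt-lower rule to an inet6num creation request.

    authenticated_as is the set of maintainers whose auth the submission
    satisfied. Returns (allowed, reason).
    """
    parent = closest_parent(registry, new_prefix)
    if parent is None:
        return False, "no covering inet6num object"
    required = registry[parent]
    if not required:
        # Assumption: an object without mnt-lower does not restrict creation.
        return True, f"{parent} has no mnt-lower"
    if authenticated_as & set(required):
        return True, f"authorised by mnt-lower of {parent}"
    return False, f"{parent} requires one of {required}"

if __name__ == "__main__":
    requests = [
        ("3ffe:80ee::/64", {"PB-6BONE"}),    # the case from the report
        ("3ffe:80ee::/33", {"PB-6BONE"}),    # the second attempt
        ("3ffe:80ee::/64", {"NEXTRA-MNT"}),  # the maintainer itself
        ("3ffe:1200::/24", {"PB-6BONE"}),    # constructed pTLA under 3ffe::/16
    ]
    for prefix, auth in requests:
        print(prefix, sorted(auth), may_create(REGISTRY, prefix, auth))
```

Under the documented rule the first two requests are refused, which is the behaviour the report expected and did not observe.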