nanog mailing list archives
RE: Proof of ownership; when someone demands you remove a prefix
From: "Sean Pedersen" <spedersen.lists () gmail com>
Date: Tue, 13 Mar 2018 07:23:06 -0700
In this case we defaulted to trusting our customer and their LOA over a stranger on the Internet and asked our customer to review the request. Unfortunately, that doesn't necessarily mean a stranger on the Internet isn't the actual assignee. A means to definitively prove "ownership" from a technical angle would be great. In the example provided in my original e-mail, it appears that an IP broker or related scammer gained access to the assignee's RIR account and made some object updates (e-mail, country, etc.) that they could use to "prove" they had authority to make the request. I assume their offer of proof would have been to send us an email from the dubious @yahoo.com account they had listed as the admin contact. I agree with a private response that I received that at some point lawyers probably need to take over if a technical solution to verification is not reached. I'm not terribly current on resource certification, but would RPKI play a role here? It looks like its application is limited to authenticating the announcement of resources to prevent route hijacking. If you've authorized a 3rd party to announce your routes, could you assign a certificate to that 3rd party for a specific resource and then revoke it if they are no longer authorized? Would it matter if someone gains access to your RIR/LIR account and revokes the certificate? This would assume protocol compatibility, that everyone is using it, etc. -----Original Message----- From: NANOG [mailto:nanog-bounces () nanog org] On Behalf Of Jason Hellenthal Sent: Monday, March 12, 2018 6:40 PM To: George William Herbert <george.herbert () gmail com> Cc: nanog () nanog org Subject: Re: Proof of ownership; when someone demands you remove a prefix How about signed ownership ? (https://keybase.io) if you are able to update the record … and it is able to be signed then shouldn’t that be proof enough of ownership of the ASN ? If you can update a forward DNS record then you can have the reverse record updated in the same sort of fashion and signed by a third party to provide first party of authoritative ownership… Assuming you have an assigned ASN and the admin has taken the time to let alone understand the concept and properly prove the identity in the first place… (EV cert ?) Just a light opinion from … https://jhackenthal.keybase.pub Trust is a big issue these days and validation even worse given SSL trust. -- The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume.
On Mar 12, 2018, at 21:20, George William Herbert <george.herbert () gmail com> wrote: Ownership?... (Duck) -george Sent from my iPhoneOn Mar 12, 2018, at 4:11 PM, Randy Bush <randy () psg com> wrote: it's a real shame there is no authorative cryptographically verifyable attestation of address ownership.
Current thread:
- Re: Proof of ownership; when someone demands you remove a prefix, (continued)
- Re: Proof of ownership; when someone demands you remove a prefix james jones (Mar 12)
- Re: Proof of ownership; when someone demands you remove a prefix Matt Harris (Mar 12)
- Re: Proof of ownership; when someone demands you remove a prefix nop (Mar 12)
- RE: Proof of ownership; when someone demands you remove a prefix Sean Pedersen (Mar 12)
- RE: Proof of ownership; when someone demands you remove a prefix Naslund, Steve (Mar 12)
- Re: Proof of ownership; when someone demands you remove a prefix William Herrin (Mar 12)
- Re: Proof of ownership; when someone demands you remove a prefix Jim Mercer (Mar 12)
- Re: Proof of ownership; when someone demands you remove a prefix nop (Mar 12)
- Re: Proof of ownership; when someone demands you remove a prefix George William Herbert (Mar 12)
- Re: Proof of ownership; when someone demands you remove a prefix Jason Hellenthal (Mar 12)
- RE: Proof of ownership; when someone demands you remove a prefix Sean Pedersen (Mar 13)
- Re: Proof of ownership; when someone demands you remove a prefix Jimmy Hess (Mar 13)
- RE: Proof of ownership; when someone demands you remove a prefix Naslund, Steve (Mar 13)
- Re: Proof of ownership; when someone demands you remove a prefix William Herrin (Mar 13)
- RE: Proof of ownership; when someone demands you remove a prefix Naslund, Steve (Mar 13)
- RE: Proof of ownership; when someone demands you remove a prefix Sean Pedersen (Mar 13)
- Re: Proof of ownership; when someone demands you remove a prefix Job Snijders (Mar 13)
- Re: Proof of ownership; when someone demands you remove a prefix Tony Tauber (Mar 13)
- Re: Proof of ownership; when someone demands you remove a prefix William Herrin (Mar 13)
- RE: Proof of ownership; when someone demands you remove a prefix Naslund, Steve (Mar 13)