Routing Assets Database

The Routing Assets Database (RADb), formerly known as the Routing Arbiter Database is a public database in which the operators of Internet networks publish authoritative declarations of routing policy for their Autonomous System (AS) which are, in turn, used by the operators of other Internet networks to configure their inbound routing policy filters. The RADb, operated by the University of Michigan's Merit Network, was the first such database, but others followed in its wake, forming a loose confederation of Internet routing registries, containing sometimes-overlapping, and sometimes-conflicting, routing policy data, expressed in Routing Policy Specification Language (RPSL) syntax.

History
The RADb was developed in the early 1990s as part of the National Science Foundation (NSF)-funded Routing Arbiter Project. The Routing Policy Specification Language was subsequently retroactively formalized in RFC 2280, in January, 1998.

Usage
Historically, most larger Internet service providers, and all within the European RIPE NCC region require customers to be registered in an Internet Routing Registry prior to propagating BGP announcements of their routes. This has not been a rigorously-enforced operational standard, however, and has declined since a peak in the early 2000s.

Security
The Internet Routing Registry system is an artifact of the 1990s era of the Internet, as the Internet's economy and governance were in transition from an academic mode to a commercial mode, and predate the era of ubiquitous cryptography. The RADb initially relied upon a trust model, in which write access to the database was not strictly controlled. A write-permissions access model was subsequently added, in which individuals or roles representing each Autonomous System had authority to write records related to that AS, including which IP address blocks it would originate routing advertisements for, and which other Autonomous Systems were allowed to advertise transit routing paths to it. The first generation of security allowed network operators to specify a MAIL-FROM attribute, requiring that updates be sent from a specific email address. Next, (B)CRYPT-PW / MD5-PW password hash authentication was added, and finally a PGP-KEY attribute was added, allowing users to cryptographically sign submitted edits. Subsequent work by the Regional Internet Registries created additional IRRs which strictly tied permission to advertise IP blocks to RIR allocation data. But since DNSSEC already existed and had been applied to the in-addr zone, no end-to-end cryptographic integrity mechanism was ever added to RPSL.