Re: RPKI Mgmt Changes at ARIN (was: Fwd: [arin-announce] Upcoming Changes to ARIN’s Resource Public Key Infrastructure (RPKI))

Sat Apr 15 18:26:12 UTC 2023

Chris -

Indeed - these are some frequently sought changes that also bring our RPKI interface closer to practices in other regions.

I will note that we do lose something in the process - currently ARIN’s RPKI system has clear non-repudiation attributes (i.e., the issuance of an ROA is assuredly done by the controlling operator [as opposed to a function of ARIN’s automation or staff]) since ARIN never possesses the necessary private key.    Changing to allow easy issuance and rollover appears to be the community’s preference, so we have undertaken the necessary development and process changes.

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers

> On Apr 15, 2023, at 2:10 PM, Christopher Morrow <morrowc.lists at gmail.com> wrote:
> 
> On Fri, Apr 14, 2023 at 5:41 PM Ca By <cb.list6 at gmail.com> wrote:
>> 
>> 
>> 
>>> 
>>> **ROA Auto-renewal**
>>> 
>>> After the May software release, any ROA created via ARIN Online or the new RESTful provisioning endpoint will be automatically renewed, meaning all newly created ROAs will persist indefinitely until they are manually deleted. ARIN will also apply the auto-renew feature to any existing ROAs when we deploy this new functionality.
>>> 
>>> Please note: Any new ROAs created with the legacy RESTful endpoint will not be auto-renewed. If you would like your ROAs to be auto-renewed, you will need to use ARIN Online or the new RESTful provisioning endpoint. ARIN will be contacting customers who have created ROAs in both ARIN Online and REST to determine how they prefer to manage their existing ROAs
>> 
>> Thanks John and ARIN team, this auto-renew is a big deal and helps take a lot of stress off our plates
> 
> oh! there's a bunch of pretty good improvements here, thanks! (john
> and cameron for raising this mail up in the my stack)
> 
> -chris