<html><head><style type='text/css'>p { margin: 0; }</style></head><body><div style='font-family: arial,helvetica,sans-serif; font-size: 10pt; color: #000000'>Nothing went south for me, just got an email from ARIN reminding me that they were about to expire.<br><br>The reasons you stated all make sense. We'll just have to make sure it's easy enough for the less skilled or more busy operators to comply with current best practices, lest they not do it at all to avoid the hassle.<br><br><div><span name="x"></span><br style="color:rgb( 0 , 0 , 0 );font-family:'times new roman';font-size:medium;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><br style="color:rgb( 0 , 0 , 0 );font-family:'times new roman';font-size:medium;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><span style="color:rgb( 0 , 0 , 0 );font-family:'times new roman';font-size:medium;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;display:inline !important;float:none">-----</span><br style="color:rgb( 0 , 0 , 0 );font-family:'times new roman';font-size:medium;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><span style="color:rgb( 0 , 0 , 0 );font-family:'times new roman';font-size:medium;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;display:inline !important;float:none">Mike Hammett</span><br style="color:rgb( 0 , 0 , 0 );font-family:'times new roman';font-size:medium;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><a href="http://www.ics-il.com/" style="font-family:'times new roman';font-size:medium;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px" target="_blank" rel="nofollow noopener noreferrer">Intelligent Computing Solutions</a><br style="color:rgb( 0 , 0 , 0 );font-family:'times new roman';font-size:medium;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><a href="https://www.facebook.com/ICSIL" style="font-family:'times new roman';font-size:medium;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px" target="_blank" rel="nofollow noopener noreferrer"><img src="http://www.ics-il.com/images/fbicon.png" style="border:0pt none"></a><a href="https://plus.google.com/+IntelligentComputingSolutionsDeKalb" style="font-family:'times new roman';font-size:medium;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px" target="_blank" rel="nofollow noopener noreferrer"><img src="http://www.ics-il.com/images/googleicon.png" style="border:0pt none"></a><a href="https://www.linkedin.com/company/intelligent-computing-solutions" style="font-family:'times new roman';font-size:medium;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px" target="_blank" rel="nofollow noopener noreferrer"><img src="http://www.ics-il.com/images/linkedinicon.png" style="border:0pt none"></a><a href="https://twitter.com/ICSIL" style="font-family:'times new roman';font-size:medium;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px" target="_blank" rel="nofollow noopener noreferrer"><img src="http://www.ics-il.com/images/twittericon.png" style="border:0pt none"></a><br style="color:rgb( 0 , 0 , 0 );font-family:'times new roman';font-size:medium;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><a href="http://www.midwest-ix.com/" style="font-family:'times new roman';font-size:medium;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px" target="_blank" rel="nofollow noopener noreferrer">Midwest Internet Exchange</a><br style="color:rgb( 0 , 0 , 0 );font-family:'times new roman';font-size:medium;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><a href="https://www.facebook.com/mdwestix" style="font-family:'times new roman';font-size:medium;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px" target="_blank" rel="nofollow noopener noreferrer"><img src="http://www.ics-il.com/images/fbicon.png" style="border:0pt none"></a><a href="https://www.linkedin.com/company/midwest-internet-exchange" style="font-family:'times new roman';font-size:medium;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px" target="_blank" rel="nofollow noopener noreferrer"><img src="http://www.ics-il.com/images/linkedinicon.png" style="border:0pt none"></a><a href="https://twitter.com/mdwestix" style="font-family:'times new roman';font-size:medium;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px" target="_blank" rel="nofollow noopener noreferrer"><img src="http://www.ics-il.com/images/twittericon.png" style="border:0pt none"></a><br style="color:rgb( 0 , 0 , 0 );font-family:'times new roman';font-size:medium;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><a href="http://www.thebrotherswisp.com/" style="font-family:'times new roman';font-size:medium;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px" target="_blank" rel="nofollow noopener noreferrer">The Brothers WISP</a><br style="color:rgb( 0 , 0 , 0 );font-family:'times new roman';font-size:medium;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><a href="https://www.facebook.com/thebrotherswisp" style="font-family:'times new roman';font-size:medium;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px" target="_blank" rel="nofollow noopener noreferrer"><img src="http://www.ics-il.com/images/fbicon.png" style="border:0pt none"></a><a href="https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg" style="font-family:'times new roman';font-size:medium;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px" target="_blank" rel="nofollow noopener noreferrer"><img src="http://www.ics-il.com/images/youtubeicon.png" style="border:0pt none"></a><span name="x"></span><br></div><hr id="zwchr"><div style="color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt;"><b>From: </b>"Jared Mauch" <jared@puck.nether.net><br><b>To: </b>"Mike Hammett" <nanog@ics-il.net><br><b>Cc: </b>"NANOG" <nanog@nanog.org><br><b>Sent: </b>Tuesday, January 3, 2023 9:39:10 AM<br><b>Subject: </b>Re: ROAs Expire<br><br>On Tue, Jan 03, 2023 at 08:56:28AM -0600, Mike Hammett wrote:<br>> ROAs expire. Creating new ones doesn't seem to be terribly difficult, but why do they expire in the first place? <br><br>        There's several reasons I can see why one would want this:<br><br>1) to ensure that proper care is maintained over the IP space, domains,<br>certificiates (ROA is a certificiate), etc expire and require renewal.<br><br>2) If there's a new cipher algo flaw or similar, it may become necessary<br>to rotate things.<br><br>3) to help avoid some of the problems that exist with unmaintained IRR<br>objects.<br><br>        There's more I'm sure, but this is one of the reasons that I<br>personally have been hesitatant to roll out some tools, eg: DNSSEC<br>(which suffers from a variety of ciphers and for some cases lack of<br>ability to publish to parents - i think this was largely resolved).<br><br>        With this increased security also comes to increased fragility,<br>which I suspect is what you are writing about, something likely broke<br>for you or someone else due to lack of checking the status of the ROA<br>expiration.<br><br>        This has happened in the past with domains, including big name<br>ones, so having something setup (eg: roa watch, similar to x509watch on<br>*nix systems) would be appropriate.<br><br>        I'm sure others can refer to tools or services that can do this,<br>but it's always a good idea to check your objects and watch when they go<br>away or expire.<br><br>        - Jared<br><br>-- <br>Jared Mauch  | pgp key available via finger from jared@puck.nether.net<br>clue++;      | http://puck.nether.net/~jared/  My statements are only mine.<br></div><br></div></body></html>