[arin-announce] New RPKI Trust Anchor
ARIN
info at arin.net
Wed Sep 20 09:13:04 EDT 2017
On 19 September 2017, ARIN held a key ceremony to move to an RPKI Trust
Anchor that reflects all holdings (0/0) to fulfill our commitment to the
deadline set by the Number Resource Organization (NRO) for all of the
Regional Internet Registries (RIRs). This action is detailed in the “All
Resources Applicability Statement” dated 21 January 2017:

https://tools.ietf.org/html/draft-rir-rpki-allres-ta-app-statement

"This document provides an applicability statement for the use of
multiple, over-claiming ‘all resources’ (0/0) RPKI certificate
authorities (CA) certificates used as trust anchors (TAs) operated by
the Regional Internet Registry community to help mitigate the risk of
massive downstream invalidation in the case of transient registry
inconsistencies."

To mitigate the risk and alleviate this threat, the RIRs agreed to move
from a Trust Anchor that reflects only their current holdings to one
that reflects all holdings. This improvement will provide a more robust
way of allowing resources that are covered under RPKI to be transferred
from one RIR to another.

Note that current ARIN RPKI users do not need to re-download the TAL, as
the TAL has not changed.

If you are new to RPKI and want to start validating RPKI data from the
ARIN region, you can download the ARIN TAL from the following location:

https://www.arin.net/resources/rpki/tal.html

Regards,

Mark Kosters
Chief Technology Officer
American Registry for Internet Numbers (ARIN)
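
The "downstream invalidation" risk named in the quoted applicability statement, as an added example that is not part of ARIN's announcement: a simplified model of the strict resource-containment check in RPKI certificate validation (RFC 6487), comparing a holdings-only trust anchor with an all-resources (0/0) one. The function names are hypothetical, the prefixes are constructed documentation ranges, and the chain is reduced to one TA, one CA certificate and its ROAs.

```python
from ipaddress import collapse_addresses, ip_network


def covers(parent, child):
    """True if every child prefix lies inside the parent's resource set."""
    nets = [ip_network(p) for p in parent]
    for c in map(ip_network, child):
        # Merge adjacent parent prefixes of the same address family first,
        # so two /25s are recognised as covering the /24 they add up to.
        same_family = collapse_addresses(n for n in nets if n.version == c.version)
        if not any(c.subnet_of(p) for p in same_family):
            return False
    return True


def accepted_roas(ta, ca, roas):
    """Simplified strict validation: TA -> one CA certificate -> ROAs."""
    if not covers(ta, ca):
        # The CA certificate claims a resource its issuer does not hold, so
        # the whole certificate is rejected, along with everything beneath it.
        return []
    return [r for r in roas if covers(ca, [r])]


# Constructed sample data (documentation prefixes, not real holdings).
HOLDINGS_TA = ["192.0.2.0/24", "198.51.100.0/24"]   # TA lists current holdings only
ALL_RESOURCES_TA = ["0.0.0.0/0", "::/0"]            # TA lists all resources (0/0)
# 203.0.113.0/24 stands for a block transferred in from another RIR before
# the holdings-only TA has been reissued: a transient inconsistency.
CA_CERT = ["192.0.2.0/24", "203.0.113.0/24"]
ROAS = ["192.0.2.0/24", "203.0.113.0/24"]

if __name__ == "__main__":
    print("holdings-only TA:", accepted_roas(HOLDINGS_TA, CA_CERT, ROAS))
    print("all-resources TA:", accepted_roas(ALL_RESOURCES_TA, CA_CERT, ROAS))
```

Under the holdings-only TA the ROA for 192.0.2.0/24 is lost as well, even though that block was never part of the transfer; under the 0/0 TA both ROAs validate.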