[arin-tech-discuss] silent expiration of ARIN RPKI objects
John Curran
jcurran at arin.net
Sun Feb 3 08:46:43 EST 2013
On Feb 1, 2013, at 1:34 PM, Jay Borkenhagen <jayb at braeburn.org> wrote:
> Thank you, but why couldn't a ROA request include an explicit
> indication that the party making the request wants it to auto-renew?
Jay -
To elaborate some on Andy's response:
We've taken some significant steps to ensure that ARIN is only
issuing certificates via an explicit signed request from the
private key holder of an organization, and the benefit of this
is that parties relying on these certificates know that they
were actually issued by specific request of organization (as
opposed to a certificate existing due to an implied business
rule with ARIN's systems, etc.) To do otherwise would require
ARIN have the ability to readily create certificates on behalf
of a resource holder independent of an actual request, and that
is neither desirable by ARIN nor by those who rely upon this
information to be actual assertions of resource holders.
FYI,
/John
John Curran
President and CEO
ARIN
More information about the arin-tech-discuss
mailing list