[arin-tech-discuss] silent expiration of ARIN RPKI objects

John Curran jcurran at arin.net
Sun Feb 3 08:46:43 EST 2013

On Feb 1, 2013, at 1:34 PM, Jay Borkenhagen <jayb at braeburn.org> wrote:

> Thank you, but why couldn't a ROA request include an explicit
> indication that the party making the request wants it to auto-renew?

Jay - 
  To elaborate some on Andy's response:

  We've taken some significant steps to ensure that ARIN is only 
  issuing certificates via an explicit signed request from the 
  private key holder of an organization, and the benefit of this 
  is that parties relying on these certificates know that they  
  were actually issued by specific request of organization (as 
  opposed to a certificate existing due to an implied business 
  rule with ARIN's systems, etc.)  To do otherwise would require
  ARIN have the ability to readily create certificates on behalf 
  of a resource holder independent of an actual request, and that 
  is neither desirable by ARIN nor by those who rely upon this 
  information to be actual assertions of resource holders.


John Curran
President and CEO

More information about the arin-tech-discuss mailing list