[arin-tech-discuss] ARIN RPKI: smooth transition from hosted to delegated?

Andy Newton andy at arin.net
Mon Nov 25 16:44:08 EST 2013


Unfortunately our system does not have the proper set of features to allow
make-before-break when moving from hosted RPKI to delegated RPKI.
Currently moving from hosted to delegated requires revocation of the CA
certificate in the RPKI and re-issuance of a new certificate.

If this is a feature you would like to have considered for implementation
by ARIN, please submit it as a suggestion via the ARIN Consultation and
Suggestion Process. The one page form for submitting ACSP suggestions can
be found here:

I hope this answers your question. Let me know if it does not.

Andy Newton,
Chief Engineer, ARIN

On 11/25/13 3:09 PM, "Jay Borkenhagen" <jayb at braeburn.org> wrote:

>Regarding https://www.arin.net/resources/rpki/index.html:
>Suppose a resource holder starts off using the Hosted RPKI model and
>later wishes to transition to Delegated RPKI.  Can this transition be
>structured in a make-before-break manner, such that no disruption in
>validation status is experienced?
>Thank you.
>						Jay B.
>arin-tech-discuss mailing list
>arin-tech-discuss at arin.net

More information about the arin-tech-discuss mailing list