[arin-tech-discuss] Sanity check on hosted RPKI private key

Andy Newton andy at arin.net
Tue Feb 17 17:14:03 EST 2015

From: Andrew Gallo <akg1330 at gmail.com<mailto:akg1330 at gmail.com>>
Date: Tuesday, February 17, 2015 at 4:31 PM
To: "arin-tech-discuss at arin.net<mailto:arin-tech-discuss at arin.net>" <arin-tech-discuss at arin.net<mailto:arin-tech-discuss at arin.net>>
Subject: [arin-tech-discuss] Sanity check on hosted RPKI private key

To be clear, the key pair that I'm generating in this step is simply to validate the communication of my ROA request, correct?

The private key that is used to sign the ROA itself is never seen nor accessed by the org using the hosted model, correct?


That is correct. The keypair for Hosted RPKI is for integrity and non-repudiation between you and ARIN. But the keys used in the ROAs and Resource Certificates are different and can only be used for signing by our HSMs.

Andy Newton,
Chief Engineer, ARIN
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-tech-discuss/attachments/20150217/73c14eba/attachment.html>

More information about the arin-tech-discuss mailing list