[arin-tech-discuss] Sanity check on hosted RPKI private key
Andrew Gallo
akg1330 at gmail.com
Tue Feb 17 17:19:43 EST 2015
Great. Thanks for the quick reply and confirming my suspicion.
On 2/17/2015 5:14 PM, Andy Newton wrote:
> From: Andrew Gallo <akg1330 at gmail.com<mailto:akg1330 at gmail.com>>
> Date: Tuesday, February 17, 2015 at 4:31 PM
> To: "arin-tech-discuss at arin.net<mailto:arin-tech-discuss at arin.net>" <arin-tech-discuss at arin.net<mailto:arin-tech-discuss at arin.net>>
> Subject: [arin-tech-discuss] Sanity check on hosted RPKI private key
>
>
> To be clear, the key pair that I'm generating in this step is simply to validate the communication of my ROA request, correct?
>
> The private key that is used to sign the ROA itself is never seen nor accessed by the org using the hosted model, correct?
>
>
> Andrew,
>
> That is correct. The keypair for Hosted RPKI is for integrity and non-repudiation between you and ARIN. But the keys used in the ROAs and Resource Certificates are different and can only be used for signing by our HSMs.
>
> Andy Newton,
> Chief Engineer, ARIN
>
More information about the arin-tech-discuss
mailing list