[arin-tech-discuss] RPKI Hosted Certificate expiry
Mark Kosters
markk at arin.net
Wed Nov 1 11:12:48 EDT 2017
Hi Andrew
That was a good question – one that merited a bit of research on our part. Here’s what we have.
Yes, ROAs can not be created with dates past the expiration of the hosted certificate.
As for what to do when the time approaches where the hosted cert needs to be renewed, we are wondering what you (and others) would prefer as a way going forward?
Thanks,
Mark
On 10/23/17, 9:48 AM, "arin-tech-discuss on behalf of Andrew Gallo" <arin-tech-discuss-bounces at arin.net on behalf of akg1330 at gmail.com> wrote:
Greetings:
A question came up at an Internet2 meeting concerning hosted RPKI.
Specifically- what happens at the expiration of the Hosted Certificate?
I see that the hosted certificate has a 10-year validity period, and
ROAs can not be created with dates past the expiration of the Hosted
Certificate.
When the expiration of this certificate is approaching, what is the
procedure? Do we need to re-request Hosted Access? Regenerate ROAs?
Will there be an overlap period where both the expiring and new
certificates & ROAs will both be valid (to avoid any gaps in coverage)?
Thank you.
_______________________________________________
arin-tech-discuss mailing list
arin-tech-discuss at arin.net
http://lists.arin.net/mailman/listinfo/arin-tech-discuss
More information about the arin-tech-discuss
mailing list