[arin-tech-discuss] RPKI Hosted Certificate expiry

Mark Kosters markk at arin.net
Wed Nov 1 11:12:48 EDT 2017


Hi Andrew

That was a good question – one that merited a bit of research on our part. Here’s what we have.

Yes, ROAs cannot be created with dates past the expiration of the hosted certificate.

As for what to do when the time approaches where the hosted cert needs to be renewed, we are wondering what you (and others) would prefer as a way going forward?

Thanks,
Mark

On 10/23/17, 9:48 AM, "arin-tech-discuss on behalf of Andrew Gallo" <arin-tech-discuss-bounces at arin.net on behalf of akg1330 at gmail.com> wrote:

    Greetings:
    
    A question came up at an Internet2 meeting concerning hosted RPKI.
    Specifically: what happens at the expiration of the Hosted Certificate?
    
    I see that the hosted certificate has a 10-year validity period, and
    ROAs cannot be created with dates past the expiration of the Hosted
    Certificate.
    
    When the expiration of this certificate is approaching, what is the 
    procedure?  Do we need to re-request Hosted Access? Regenerate ROAs?  
    Will there be an overlap period where both the expiring and new 
    certificates & ROAs will both be valid (to avoid any gaps in coverage)?
    
    Thank you.
    
    _______________________________________________
    arin-tech-discuss mailing list
    arin-tech-discuss at arin.net
    http://lists.arin.net/mailman/listinfo/arin-tech-discuss
    


