[arin-tech-discuss] RPKI How long to set a ROA certificate

Christopher Morrow morrowc.lists at gmail.com
Fri Jan 11 02:12:53 EST 2019


On Thu, Jan 10, 2019 at 10:29 PM Delacruz, Anthony B <
Anthony.DeLaCruz at centurylink.com> wrote:

> The default using ARIN systems looks to be 10 years. That just feels like
> too long given how other certificates I interact with expire. What is
> everyone else
>

that seems very long.
I expect it might make sense to think about how long do you expect to need
the ROA (for example)? and how often will your automation be able to update
all objects which need to be updated? One other thing to keep in mind is
how long do you think a 'lost' object to be usable?


> tending to do? We’re just putting our toe in the water for this so using
> the hosted to accommodate a few customers as we research and test doing
> delegated which probably would be 2 or so years out. Would I run into
> trouble if it’s too long then switch to us running on our servers? I
> wouldn’t think so just expire it and issue new ones right? Any tips on
> running hosted for a while with intent to switch to delegated?
>

seems correct to me, there may be more wonkery required than at first blush
seems right, but :)
-chris
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-tech-discuss/attachments/20190111/119bd4db/attachment.html>


More information about the arin-tech-discuss mailing list