[arin-tech-discuss] Update on upcoming maintenance to ARIN’s RPKI infrastructure

Alex Band alex at nlnetlabs.nl
Wed Jun 23 13:33:30 EDT 2021 

Hi Brad,

Jay and I were just discussing this and noticed your update indicates a 10:00 AM ET start time of the 30-minute period during which ARIN's RPKI repository would not be reachable. If that is indeed the time and full extent of the event, we foresee there being very little disruption, as relying party software will use cached data during that interval.

But we wonder if you actually meant to say 1:00 PM ET == 10:00 AM PT == 1700 UTC. By 17:00 UTC ARIN's current RPKI root certificate and manifest will have expired, as demonstrated by the "Next Update" field in the JDR output at these links:

https://jdr.nlnetlabs.nl/#/search/%2Frpki-repo%2Frsync%2Frpki.arin.net%2Frepository%2Farin-rpki-ta%2Farin-rpki-ta.crl
https://jdr.nlnetlabs.nl/#/search/arin-rpki-ta.crl/%2Frpki-repo%2Frsync%2Frpki.arin.net%2Frepository%2Farin-rpki-ta%2Farin-rpki-ta.mft

Previously ARIN re-signed the CRL and manifest 4 weeks in advance, but that moment has passed a few days ago. We understand ARIN won't actively take action that impacts the integrity of the data. 

Could you let us know on which date you're planning to re-sign these objects?

If you neglect them, the entire ARIN RPKI Certificate Authority will be rejected on the 20th, making all ROAs disappear, including those published by organisations running delegated RPKI under ARIN.

Cheers,

Jay & Alex

> On 22 Jun 2021, at 22:51, Brad Gorman <bgorman at arin.net> wrote:
> 
> ARIN previously announced an upcoming maintenance to our RPKI infrastructure.   
> https://www.arin.net/announcements/20210602-rpki/
> 
> We are updating the notice of this upcoming maintenance with the following additional information:
> 
> 
> 	- July 20th is the date scheduled for this activity  
> 
> 	- We anticipate that the maintenance will take place starting at 10:00 AM ET for a period of 30 minutes
> 
> 	- During the 30-minute window, customers will not be able to reach the ARIN RPKI repository, but ARIN will NOT be 
> 	  taking any action that impacts the integrity of the data contained in the repository
> 
> 
> Sincerely,
> 
> Brad Gorman
> Senior Product Owner, Routing Security
> American Registry for Internet Numbers (ARIN)
> 
> 
> 
> 
> _______________________________________________
> arin-tech-discuss mailing list
> arin-tech-discuss at arin.net
> https://lists.arin.net/mailman/listinfo/arin-tech-discuss

More information about the arin-tech-discuss mailing list