Send arin-tech-discuss mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.arin.net/mailman/listinfo/arin-tech-discuss
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of arin-tech-discuss digest..."
Today's Topics:
1. silent expiration of ARIN RPKI objects (Jay Borkenhagen)
2. Re: silent expiration of ARIN RPKI objects (Andy Newton)
3. Re: silent expiration of ARIN RPKI objects (Jay Borkenhagen)
4. Re: silent expiration of ARIN RPKI objects (Danny McPherson)
----------------------------------------------------------------------
Message: 1
Date: Fri, 1 Feb 2013 12:23:20 -0500
From: Jay Borkenhagen <[email protected]>
To: <[email protected]>
Subject: [arin-tech-discuss] silent expiration of ARIN RPKI objects
Message-ID: <[email protected]>
Content-Type: text/plain; charset=us-ascii
ARIN,
A ROA I had recently registered in ARIN's RPKI system silently expired
overnight.
The fact that it expired is not the problem, since I had set the
expiration date when I submitted it.
The problem is that it expired silently.
If ARIN is going to allow RPKI objects to expire, then ARIN should
notify first in advance that an RPKI object is about to expire and
then again when the expiration has occurred. Or perhaps even better:
ARIN could follow the lead of other RIRs including RIPE and auto-renew
objects in the RPKI.
Jay B.
------------------------------
Message: 2
Date: Fri, 1 Feb 2013 18:08:49 +0000
From: Andy Newton <[email protected]>
To: Jay Borkenhagen <[email protected]>, "[email protected]"
<[email protected]>
Subject: Re: [arin-tech-discuss] silent expiration of ARIN RPKI
objects
Message-ID:
<[email protected]>
Content-Type: text/plain; charset="us-ascii"
Jay,
I've put into our issue tracker a request to add a feature that will send
an email notification before a ROA expires, and I will bring this to the
attention of our project management team.
Regarding auto-renewal of ROAs, our system is explicitly designed to
prevent ARIN from issuing ROAs without a signed request from the private
key holder of the organization. Therefore it is not possible for us to
auto-renew a ROA.
Thanks for your suggestion and let me know if you have further questions.
Andy Newton,
Chief Engineer, ARIN
On 2/1/13 12:23 PM, "Jay Borkenhagen" <[email protected]> wrote:
>ARIN,
>
>A ROA I had recently registered in ARIN's RPKI system silently expired
>overnight.
>
>The fact that it expired is not the problem, since I had set the
>expiration date when I submitted it.
>
>The problem is that it expired silently.
>
>If ARIN is going to allow RPKI objects to expire, then ARIN should
>notify first in advance that an RPKI object is about to expire and
>then again when the expiration has occurred. Or perhaps even better:
>ARIN could follow the lead of other RIRs including RIPE and auto-renew
>objects in the RPKI.
>
> Jay B.
>
>
>_______________________________________________
>arin-tech-discuss mailing list
>[email protected]
>http://lists.arin.net/mailman/listinfo/arin-tech-discuss
>
------------------------------
Message: 3
Date: Fri, 1 Feb 2013 13:34:44 -0500
From: Jay Borkenhagen <[email protected]>
To: Andy Newton <[email protected]>
Cc: "[email protected]" <[email protected]>
Subject: Re: [arin-tech-discuss] silent expiration of ARIN RPKI
objects
Message-ID: <[email protected]>
Content-Type: text/plain; charset=us-ascii
Thank you, but why couldn't a ROA request include an explicit
indication that the party making the request wants it to auto-renew?
Andy Newton writes:
> Jay,
>
> I've put into our issue tracker a request to add a feature that will send
> an email notification before a ROA expires, and I will bring this to the
> attention of our project management team.
>
> Regarding auto-renewal of ROAs, our system is explicitly designed to
> prevent ARIN from issuing ROAs without a signed request from the private
> key holder of the organization. Therefore it is not possible for us to
> auto-renew a ROA.
>
> Thanks for your suggestion and let me know if you have further questions.
>
> Andy Newton,
> Chief Engineer, ARIN
>
> On 2/1/13 12:23 PM, "Jay Borkenhagen" <[email protected]> wrote:
>
> >ARIN,
> >
> >A ROA I had recently registered in ARIN's RPKI system silently expired
> >overnight.
> >
> >The fact that it expired is not the problem, since I had set the
> >expiration date when I submitted it.
> >
> >The problem is that it expired silently.
> >
> >If ARIN is going to allow RPKI objects to expire, then ARIN should
> >notify first in advance that an RPKI object is about to expire and
> >then again when the expiration has occurred. Or perhaps even better:
> >ARIN could follow the lead of other RIRs including RIPE and auto-renew
> >objects in the RPKI.
> >
> > Jay B.
> >
> >
> >_______________________________________________
> >arin-tech-discuss mailing list
> >[email protected]
> >http://lists.arin.net/mailman/listinfo/arin-tech-discuss
> >
>
------------------------------
Message: 4
Date: Fri, 1 Feb 2013 22:45:17 -0500
From: Danny McPherson <[email protected]>
To: Jay Borkenhagen <[email protected]>
Cc: [email protected]
Subject: Re: [arin-tech-discuss] silent expiration of ARIN RPKI
objects
Message-ID: <[email protected]>
Content-Type: text/plain; charset=us-ascii
On Feb 1, 2013, at 1:34 PM, Jay Borkenhagen <[email protected]> wrote:
> Thank you, but why couldn't a ROA request include an explicit
> indication that the party making the request wants it to auto-renew?
Interesting.. Put crypto there and expiry mechanisms in place, but ARIN needs
an auto-renew ad infinitum option? Isn't that primitive (no expiry) one of a
few that led to all the stale data in the IRRs that everyone hates so much?
What should they do if the CA, prefix, or AS certs are going to expire?
Or Router EE Certs (derived from AS certs) that make [BGPSEC] routing work?
-danny
------------------------------
_______________________________________________
arin-tech-discuss mailing list
[email protected]
http://lists.arin.net/mailman/listinfo/arin-tech-discuss
End of arin-tech-discuss Digest, Vol 25, Issue 1
************************************************
