Re: [Community-Discuss] 06 April 2019 RPKI incident - Postmortem report

2019-04-10 Thread Mark Tinka
On 10/Apr/19 21:39, Owen DeLong wrote: > > > If I understand it correctly, however, ALL of the RIRs mirror all of > the other RIRs data,... You mean of the TAL? Mark. ___ Community-Discuss mailing list Community-Discuss@afrinic.net

Re: [Community-Discuss] Core and Extra services of Afrinic

2019-04-10 Thread Sunday Folayan
Hello, IMHO, The community you train today, is the pool of professionals that will work for you tomorrow. Capacity building is investment, insurance and assurance, all in one package. It is the core of all cores. If some services are challenging today, that can be addressed without dissing or

Re: [Community-Discuss] Core and Extra services of Afrinic

2019-04-10 Thread Chevalier du Borg
Le lun. 8 avr. 2019 à 22:26, francis asiboh via Community-Discuss < community-discuss@afrinic.net> a écrit : > > It came to my attention that Afrinic is spending too much money and time > on extra services such as IPv6 workshops and outreach activities while > core services do not appear to have

Re: [Community-Discuss] 06 April 2019 RPKI incident - Postmortem report

2019-04-10 Thread Owen DeLong
> On Apr 10, 2019, at 6:57 AM, Noah wrote: > > > > On Wed, Apr 10, 2019 at 4:04 PM Owen DeLong > wrote: > If you automate the process, you have to store the private key in a manner in > which it can be accessed automatically. > > The only process that needs

Re: [Community-Discuss] 06 April 2019 RPKI incident - Postmortem report

2019-04-10 Thread Mark Tinka
On 10/Apr/19 14:59, Owen DeLong wrote: > > RPKI is operational. I’m not sure how serious it is, as I have trouble > taking seriously a system which, at best, tells you what you need to > prepend. It’s a nice protection from fat fingers, but, in its current > state, it provides little to no

Re: [Community-Discuss] Hi

2019-04-10 Thread Sander Steffann
Hello, > I am new to this discussion, can someone update about the topics. There is a lot of history. I suggest you go to https://lists.afrinic.net/pipermail/community-discuss/ to read up on what has been happening here. You can find the full history of this list there. Cheers, Sander

[Community-Discuss] Hi

2019-04-10 Thread kaddyjatou2
I am new to this discussion, can someone update about the topics. Sent from my Samsung Galaxy smartphone.___ Community-Discuss mailing list Community-Discuss@afrinic.net https://lists.afrinic.net/mailman/listinfo/community-discuss

Re: [Community-Discuss] 06 April 2019 RPKI incident - Postmortem report

2019-04-10 Thread Ben Maddison via Community-Discuss
Hi Owen, On 2019-04-10 15:00:28+02:00 Owen DeLong wrote: On Apr 10, 2019, at 3:57 AM, Ben Maddison via Community-Discuss mailto:community-discuss@afrinic.net>> wrote: Hi all, On 2019-04-10 12:10:22+02:00 Noah wrote: +1 and Ack @saul On Wed, 10 Apr 2019, 12:57 Saul Stein,

Re: [Community-Discuss] 06 April 2019 RPKI incident - Postmortem report

2019-04-10 Thread Noah
On Wed, Apr 10, 2019 at 4:04 PM Owen DeLong wrote: > If you automate the process, you have to store the private key in a manner > in which it can be accessed automatically. > The only process that needs automation is the timing of when certificates expire next [1] so as to best inform the

Re: [Community-Discuss] 06 April 2019 RPKI incident - Postmortem report

2019-04-10 Thread Saul Stein
Owen, The issue I am referring to is another issue – I was told it was Javascript related. It was December 2018 – known issue for 3 weeks. I think that Ben has the right idea – we need to move this to the RPKI list and manage expectations. Cheers Saul From: Owen DeLong

Re: [Community-Discuss] 06 April 2019 RPKI incident - Postmortem report

2019-04-10 Thread Daniel Shaw via Community-Discuss
Hi Mark, Saul, Sunday, all, I suppose that Cedrick or other staff may possibly reply in due course with more details as regards this specific implementation of a CA (aka the AFRINIC RPKI CA). However let me respond a bit generally about the reason to have an offline portion of a CA.

Re: [Community-Discuss] 06 April 2019 RPKI incident - Postmortem report

2019-04-10 Thread Owen DeLong
> The last issue I had, when no ROAs could be added, deleted etc, it was > admitted that the issue was known about for over two weeks without anything > on the announce list or being fixed! After escalation to the CEO and others > it was fixed in a couple of hours! > I believe that is a

Re: [Community-Discuss] 06 April 2019 RPKI incident - Postmortem report

2019-04-10 Thread Owen DeLong
If you automate the process, you have to store the private key in a manner in which it can be accessed automatically. This compromises the integrity of the key as it must be stored online (or be usable through an on-line process) rather than being kept offline and utilized via an HSM or other

Re: [Community-Discuss] 06 April 2019 RPKI incident - Postmortem report

2019-04-10 Thread Owen DeLong
> On Apr 10, 2019, at 3:57 AM, Ben Maddison via Community-Discuss > wrote: > > Hi all, > > On 2019-04-10 12:10:22+02:00 Noah wrote: > > +1 and Ack @saul > > On Wed, 10 Apr 2019, 12:57 Saul Stein, > wrote: > Agreed. > > > There is a bigger issue at stake

Re: [Community-Discuss] 06 April 2019 RPKI incident - Postmortem report

2019-04-10 Thread Ben Maddison via Community-Discuss
Hi all, On 2019-04-10 12:10:22+02:00 Noah wrote: +1 and Ack @saul On Wed, 10 Apr 2019, 12:57 Saul Stein, mailto:s...@enetworks.co.za>> wrote: Agreed. There is a bigger issue at stake here: I have yet to see any evidence that AFRINIC takes RPKI seriously. Until relatively recently, this

Re: [Community-Discuss] 06 April 2019 RPKI incident - Postmortem report

2019-04-10 Thread Sunday Folayan
Hi Cedrick and the team, Can the certificate generation and update be automated and handled by a script? I guess alerts when such an update fails will be taken more seriously. Can the AfriNIC RPKI-WG be more involved in assuring stability rather than leave the community to discover and complain?

Re: [Community-Discuss] 06 April 2019 RPKI incident - Postmortem report

2019-04-10 Thread Noah
+1 and Ack @saul On Wed, 10 Apr 2019, 12:57 Saul Stein, wrote: > Agreed. > > > > There is a bigger issue at stake here: I have yet to see any evidence that > AFRINIC takes RPKI seriously. > > The last issue I had, when no ROAs could be added, deleted etc, it was > admitted that the issue was

Re: [Community-Discuss] 06 April 2019 RPKI incident - Postmortem report

2019-04-10 Thread Saul Stein
Agreed. There is a bigger issue at stake here: I have yet to see any evidence that AFRINIC takes RPKI seriously. The last issue I had, when no ROAs could be added, deleted etc, it was admitted that the issue was known about for over two weeks without anything on the announce list or being

Re: [Community-Discuss] 06 April 2019 RPKI incident - Postmortem report

2019-04-10 Thread Mark Tinka
Thanks, Cedrick. A question that is, perhaps, obvious... are you able to take the human component out of this? If 2 reminders were not enough to get the humans to act, I'm not sure the current methodology is sustainable. Mark. On 8/Apr/19 17:46, Cedrick Adrien Mbeyet wrote: > > Dear AFRINIC