netsec-sig - [Security-WG] Fwd: [arin-announce] New RPKI Trust Anchor
Subject: Internet2 Network Security SIG
List archive
- From: David Farmer <>
- To:
- Subject: [Security-WG] Fwd: [arin-announce] New RPKI Trust Anchor
- Date: Wed, 20 Sep 2017 10:31:55 -0500
- Ironport-phdr: 9a23:n5/XWxeDwfWdz/X7QxI0rAPzlGMj4u6mDksu8pMizoh2WeGdxcu8ZR7h7PlgxGXEQZ/co6odzbGH4+a4ASQp2tWoiDg6aptCVhsI2409vjcLJ4q7M3D9N+PgdCcgHc5PBxdP9nC/NlVJSo6lPwWB6nK94iQPFRrhKAF7Ovr6GpLIj8Swyuu+54Dfbx9GiTe5Yr5+Ngm6oRnMvcQKnIVuLbo8xAHUqXVSYeRWwm1oJVOXnxni48q74YBu/SdNtf8/7sBMSar1cbg2QrxeFzQmLns65Nb3uhnZTAuA/WUTX2MLmRdVGQfF7RX6XpDssivms+d2xSeXMdHqQb0yRD+v6bpgRh31hycdLzM28m/XhMx+gqxYvRyvuQBwzpXOb42JLvdzZL/Rcc8YSGdHQ81fVzZBAoS5b4YXAeQOJ/hYr4jgqFATrRWxHxOsBObxxT9Sm3T72qM63P47EQHDwgMgBckDsGnRrNXzLqsdT/26zLTRwDjFcvhY1zD96I3SfRAgp/GBRah/cdDQyUkpDQ/FiEufqZD9MzOUyOsNr2ab4/BnVeK1hG4qrRx6rDu3xso0l4XEiI0YxkrH+Ch22oo5ONm1RU9hbdK6DJddtjmWO5VqTs4mWW1luyY3xqcYtZKmfCUG0pUqyhrZZveaaYaH+AjjW/yUITpghHJqZra/hxGq/Eil1u3zTNC40E5LoyZfldnMt2wN2wbO6siCTPtx5Fmu1iuS1wzL6+FEJ147lbbDJpI8zLM9mYAfvEfMEyPshUn7iK6bel869uS06unrerDmqYWdN49whAH+KKMumsmnDOQ2KAcORW2b9vqm1LD44E35RbNKguconabErZDWPd4bqbKhAw9JzoYj7A6yDyy439sEgHkHNlNFeA6HjoTwNVDOL+v1DfO+g1S3jDdr3O7KMqfgApXLMnjMjq3hfbBj5E5A1gY/185Q6I9JCuJJHPWmQUL6qcbZEg58LAOcwuD7Bc97259EH2+DH/y3KqTX5HOB+OMja8eFfooYon6pJfE/4vP0pWI8nxkQcbT/jshfU2yxAvkzexbRWnHrmNpUSWo=
FYI, I thought this might be of interest.
--
---------- Forwarded message ----------
From: ARIN <>
Date: Wed, Sep 20, 2017 at 8:13 AM
Subject: [arin-announce] New RPKI Trust Anchor
To:
On 19 September 2017, ARIN held a key ceremony to move to a RPKI Trust Anchor that reflects all holdings (0/0) to fulfill our commitment to the deadline set by the Number Resource Organization (NRO) for all of the Regional Internet Registries (RIRs). This action is detailed in the “All Resources Applicability Statement” dated 21 January 2017:
https://tools.ietf.org/html/draft-rir-rpki-allres-ta-app-statement
"This document provides an applicability statement for the use of multiple, over-claiming ‘all resources’ (0/0) RPKI certificate authorities (CA) certificates used as trust anchors (TAs) operated by the Regional Internet Registry community to help mitigate the risk of massive downstream invalidation in the case of transient registry inconsistencies."
To mitigate the risk and alleviate this threat, the RIRs agreed to move from a Trust Anchor that reflects only their current holdings to one that reflects all holdings. This improvement will provide a more robust way of allowing resources that are covered under RPKI to be transferred from one RIR to another.
Note that current ARIN RPKI users do not need to re-download the TAL, as the TAL has not changed.
If you are new to RPKI and want to start validating RPKI data from the ARIN region, you can download the ARIN TAL from the following location:
https://www.arin.net/resources/rpki/tal.html
Regards,
Mark Kosters
Chief Technology Officer
American Registry for Internet Numbers (ARIN)
_______________________________________
From: ARIN <>
Date: Wed, Sep 20, 2017 at 8:13 AM
Subject: [arin-announce] New RPKI Trust Anchor
To:
On 19 September 2017, ARIN held a key ceremony to move to a RPKI Trust Anchor that reflects all holdings (0/0) to fulfill our commitment to the deadline set by the Number Resource Organization (NRO) for all of the Regional Internet Registries (RIRs). This action is detailed in the “All Resources Applicability Statement” dated 21 January 2017:
https://tools.ietf.org/html/dr
"This document provides an applicability statement for the use of multiple, over-claiming ‘all resources’ (0/0) RPKI certificate authorities (CA) certificates used as trust anchors (TAs) operated by the Regional Internet Registry community to help mitigate the risk of massive downstream invalidation in the case of transient registry inconsistencies."
To mitigate the risk and alleviate this threat, the RIRs agreed to move from a Trust Anchor that reflects only their current holdings to one that reflects all holdings. This improvement will provide a more robust way of allowing resources that are covered under RPKI to be transferred from one RIR to another.
Note that current ARIN RPKI users do not need to re-download the TAL, as the TAL has not changed.
If you are new to RPKI and want to start validating RPKI data from the ARIN region, you can download the ARIN TAL from the following location:
https://www.arin.net/resources
Regards,
Mark Kosters
Chief Technology Officer
American Registry for Internet Numbers (ARIN)
______________________________
===============================================
David Farmer
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota
2218 University Ave SE Phone: 612-626-0815
Minneapolis, MN 55414-3029 Cell: 612-812-9952
===============================================
David Farmer
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota
2218 University Ave SE Phone: 612-626-0815
Minneapolis, MN 55414-3029 Cell: 612-812-9952
===============================================
- [Security-WG] Fwd: [arin-announce] New RPKI Trust Anchor, David Farmer, 09/20/2017
- Re: [Security-WG] Fwd: [arin-announce] New RPKI Trust Anchor, Dale W. Carder, 09/20/2017
- Re: [Security-WG] Fwd: [arin-announce] New RPKI Trust Anchor, David Farmer, 09/20/2017
- Re: [Security-WG] Fwd: [arin-announce] New RPKI Trust Anchor, Dale W. Carder, 09/20/2017
Archive powered by MHonArc 2.6.19.