Skip to Content.
Sympa Menu

netsec-sig - [Security-WG] Fwd: [arin-announce] New RPKI Trust Anchor

Subject: Internet2 Network Security SIG

List archive

[Security-WG] Fwd: [arin-announce] New RPKI Trust Anchor


Chronological Thread 
  • From: David Farmer <>
  • To:
  • Subject: [Security-WG] Fwd: [arin-announce] New RPKI Trust Anchor
  • Date: Wed, 20 Sep 2017 10:31:55 -0500
  • Ironport-phdr: 9a23:n5/XWxeDwfWdz/X7QxI0rAPzlGMj4u6mDksu8pMizoh2WeGdxcu8ZR7h7PlgxGXEQZ/co6odzbGH4+a4ASQp2tWoiDg6aptCVhsI2409vjcLJ4q7M3D9N+PgdCcgHc5PBxdP9nC/NlVJSo6lPwWB6nK94iQPFRrhKAF7Ovr6GpLIj8Swyuu+54Dfbx9GiTe5Yr5+Ngm6oRnMvcQKnIVuLbo8xAHUqXVSYeRWwm1oJVOXnxni48q74YBu/SdNtf8/7sBMSar1cbg2QrxeFzQmLns65Nb3uhnZTAuA/WUTX2MLmRdVGQfF7RX6XpDssivms+d2xSeXMdHqQb0yRD+v6bpgRh31hycdLzM28m/XhMx+gqxYvRyvuQBwzpXOb42JLvdzZL/Rcc8YSGdHQ81fVzZBAoS5b4YXAeQOJ/hYr4jgqFATrRWxHxOsBObxxT9Sm3T72qM63P47EQHDwgMgBckDsGnRrNXzLqsdT/26zLTRwDjFcvhY1zD96I3SfRAgp/GBRah/cdDQyUkpDQ/FiEufqZD9MzOUyOsNr2ab4/BnVeK1hG4qrRx6rDu3xso0l4XEiI0YxkrH+Ch22oo5ONm1RU9hbdK6DJddtjmWO5VqTs4mWW1luyY3xqcYtZKmfCUG0pUqyhrZZveaaYaH+AjjW/yUITpghHJqZra/hxGq/Eil1u3zTNC40E5LoyZfldnMt2wN2wbO6siCTPtx5Fmu1iuS1wzL6+FEJ147lbbDJpI8zLM9mYAfvEfMEyPshUn7iK6bel869uS06unrerDmqYWdN49whAH+KKMumsmnDOQ2KAcORW2b9vqm1LD44E35RbNKguconabErZDWPd4bqbKhAw9JzoYj7A6yDyy439sEgHkHNlNFeA6HjoTwNVDOL+v1DfO+g1S3jDdr3O7KMqfgApXLMnjMjq3hfbBj5E5A1gY/185Q6I9JCuJJHPWmQUL6qcbZEg58LAOcwuD7Bc97259EH2+DH/y3KqTX5HOB+OMja8eFfooYon6pJfE/4vP0pWI8nxkQcbT/jshfU2yxAvkzexbRWnHrmNpUSWo=

FYI, I thought this might be of interest.

---------- Forwarded message ----------
From: ARIN <>
Date: Wed, Sep 20, 2017 at 8:13 AM
Subject: [arin-announce] New RPKI Trust Anchor
To:


On 19 September 2017, ARIN held a key ceremony to move to a RPKI Trust Anchor that reflects all holdings (0/0) to fulfill our commitment to the deadline set by the Number Resource Organization (NRO) for all of the Regional Internet Registries (RIRs). This action is detailed in the “All Resources Applicability Statement” dated 21 January 2017:

https://tools.ietf.org/html/draft-rir-rpki-allres-ta-app-statement

"This document provides an applicability statement for the use of multiple, over-claiming ‘all resources’ (0/0) RPKI certificate authorities (CA) certificates used as trust anchors (TAs) operated by the Regional Internet Registry community to help mitigate the risk of massive downstream invalidation in the case of transient registry inconsistencies."

To mitigate the risk and alleviate this threat, the RIRs agreed to move from a Trust Anchor that reflects only their current holdings to one that reflects all holdings. This improvement will provide a more robust way of allowing resources that are covered under RPKI to be transferred from one RIR to another.

Note that current ARIN RPKI users do not need to re-download the TAL, as the TAL has not changed.

If you are new to RPKI and want to start validating RPKI data from the ARIN region, you can download the ARIN TAL from the following location:

https://www.arin.net/resources/rpki/tal.html

Regards,

Mark Kosters
Chief Technology Officer
American Registry for Internet Numbers (ARIN)

_______________________________________



--
===============================================
David Farmer              
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota  
2218 University Ave SE        Phone: 612-626-0815
Minneapolis, MN 55414-3029   Cell: 612-812-9952
===============================================



Archive powered by MHonArc 2.6.19.

Top of Page