Re: RPKI Mgmt Changes at ARIN (was: Fwd: [arin-announce] Upcoming Changes to ARIN’s Resource Public Key Infrastructure (RPKI))

[John Curran <jcurran () arin net>]

Chris -

Indeed - these are some frequently sought changes that also bring our RPKI interface closer to practices in other 
regions.

I will note that we do lose something in the process - currently ARIN’s RPKI system has clear non-repudiation 
attributes (i.e., the issuance of an ROA is assuredly done by the controlling operator [as opposed to a function of 
ARIN’s automation or staff]) since ARIN never possesses the necessary private key.    Changing to allow easy issuance 
and rollover appears to be the community’s preference, so we have undertaken the necessary development and process 
changes.

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers

> On Apr 15, 2023, at 2:10 PM, Christopher Morrow <morrowc.lists () gmail com> wrote:
>
> On Fri, Apr 14, 2023 at 5:41 PM Ca By <cb.list6 () gmail com> wrote:
> > > **ROA Auto-renewal**
> > >
> > > After the May software release, any ROA created via ARIN Online or the new RESTful provisioning endpoint will be 
> > > automatically renewed, meaning all newly created ROAs will persist indefinitely until they are manually deleted. 
> > > ARIN will also apply the auto-renew feature to any existing ROAs when we deploy this new functionality.
> > >
> > > Please note: Any new ROAs created with the legacy RESTful endpoint will not be auto-renewed. If you would like your 
> > > ROAs to be auto-renewed, you will need to use ARIN Online or the new RESTful provisioning endpoint. ARIN will be 
> > > contacting customers who have created ROAs in both ARIN Online and REST to determine how they prefer to manage 
> > > their existing ROAs
> >
> > Thanks John and ARIN team, this auto-renew is a big deal and helps take a lot of stress off our plates
>
> oh! there's a bunch of pretty good improvements here, thanks! (john
> and cameron for raising this mail up in the my stack)
>
> -chris