[AFRINIC-announce] AFRINIC RPKI v2.0 released
comm-announce at afrinic.net
Fri May 29 15:17:08 UTC 2015
AFRINIC is pleased to announce a new release of the RPKI core infrastructure (v2.0) as well as an updated interface of the Resource Certification section on MyAFRINIC (https://my.afrinic.net).
To access the Resource Certification section, connect to MyAFRINIC and navigate to Resources->Resource Certification, a BPKI certificate will be requested to authenticate yourself.
Currently RPKI enrolled members, who already have a certificate with AFRINIC, will have to re-activate their engine. However, their current engine as well as old ROAs will remain active until revoked. You are invited to re-activate your engine and re-create your ROAs.
For AFRINIC members, who have not yet activated their engine, please visit the Resource Certification page on http://afrinic.net/en/initiatives/resource-certification for more details.
For more information and a live demonstration, please join us at AIS2015 in Tunis for a full-day RPKI training on the Saturday, 30 May 2015.
See agenda http://internetsummitafrica.org/en/programme/agenda for more details.
Salient features of the new release
The AFRINIC Root certificate now cover *ALL* resources managed by AFRINIC.
Members can now get all allocated/assigned resources certified.
AFRINIC has adopted a new minority-majority certification model. Instead of using one certificate, AFRINIC now manages a split certificates set namely:
AFRINIC-CA (Covers AFRINIC managed space for which AFRINIC is majority space holder)
APNIC-TO-AFRINIC (Covers AFRINIC managed space for which APNIC is majority space holder)
ARIN-TO-AFRINIC (Covers AFRINIC managed space for which ARIN is majority space holder)
LACNIC-TO-AFRINIC (Covers AFRINIC managed space for which LACNIC is majority space holder)
RIPE-TO-AFRINIC (Covers AFRINIC managed space for which RIPE is majority space holder)
AFRINIC has changed its repository structure from “flat” to “hierarchical”. All objects (certificates and ROAs) can be retrieved from one single URI (rsync://rpki.afrinic.net/repository)
AFRINIC now supports MAX LENGTH as stipulated by RFC6482 on the ROA format.
AFRINIC certificates are now compliant to RFC7318 on policy qualifiers.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the announce