[AFRINIC-Announce] RPKI v1.0 Engine Deactivation
comm-announce at afrinic.net
Mon Nov 16 07:11:04 UTC 2015
On 29 May 2015, AFRINIC released an updated version of its RPKI core infrastructure (v2.0). AFRINIC is pleased to announce that by now, all members have already migrated their engine to the new platform, on which they have also created their ROAs. 33 members have activated their new engines with a total of 77 active ROAs.
The features of the new release are:
• The AFRINIC Root certificate now covers 'ALL' resources managed by AFRINIC.
• Members can now get all allocated/assigned resources certified.
• Adoption of a new minority-majority certification model. Instead of using one certificate, AFRINIC now manages a split certificates set namely:
• AFRINIC-CA (Covers AFRINIC managed space for which AFRINIC is majority space holder)
• APNIC-TO-AFRINIC (Covers AFRINIC managed space for which APNIC is majority space holder)
• ARIN-TO-AFRINIC (Covers AFRINIC managed space for which ARIN is majority space holder)
• LACNIC-TO-AFRINIC (Covers AFRINIC managed space for which LACNIC is majority space holder)
• RIPE-TO-AFRINIC (Covers AFRINIC managed space for which RIPE is majority space holder)
AFRINIC has changed its repository structure from “flat” to “hierarchical”. All objects (certificates and ROAs) can be retrieved from one single URI (rsync://rpki.afrinic.net/repository)
• Support for MAX LENGTH as stipulated by RFC6482 on the ROA format.
• Compliance to RFC7318 on policy qualifiers.
• Fix for the “Bad CMS SI signed attributes” issue in ROAs and manifest files.
AFRINIC is now proceeding with the deactivation of the old platform, which includes the following:
Activation of new engine and re-issuance of new ROAs
June – August 2015
Revocation of old ROAs
June – October 2015
Deactivation of old member engines
November 16, 2015
Old member repositories will not be available. Top-down validation will complain about missing folders
Deactivation of old production master engine
November 18, 2015
Old master repository will not be available. Top-down validation will complain about missing folders
AFRINIC Root Cycle
November 20, 2015
The deactivation of the old member engines and old master production engine will have an impact of TOP-DOWN validation. However, the impact will not have any consequence on the validation of the active ROAs that have all been created on the new platform. Errors in validation, as from Step 3, will be temporary and will disappear as soon step 5 is completed.
38 member certificates are involved in this migration process.
Progress on the deactivation process will be communicated to all stakeholders as and when needed. Should members or relying parties require additional information, please contact the AFRINIC RPKI team on rpki-help at afrinic.net
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Announce