[Community-Discuss] 06 April 2019 RPKI incident - Postmortem report

Owen DeLong owen at delong.com
Wed Apr 10 19:43:51 UTC 2019

> On Apr 10, 2019, at 6:57 AM, Noah <noah at neo.co.tz> wrote:
> On Wed, Apr 10, 2019 at 4:04 PM Owen DeLong <owen at delong.com> wrote:
> > If you automate the process, you have to store the private key in a manner in which it can be accessed automatically.
> The only process that needs automation is the timing of when certificates expire next [1] so as to best inform the humans and invoke pro-activeness which includes offline testing to avoid any human errors that may result in live production. 
> Noah
> [1] they indicated the monitoring system picked the issue up but perhaps more pro-activeness and offline testing to avoid human errors in the future would come in handy.

AIUI, the timing is every 30 days and the humans were notified 15 days ahead and failed to act.

Further, AIUI, they’ve taken steps to make sure that the humans don’t fail to act on such notification in the future.

I ask that AfriNIC staff provide clarification if either of my above understandings of their report is inaccurate.

