An update: The setup process with ARIN has now been fixed in Krill 0.5.0, which was just released: https://www.nlnetlabs.nl/news/2020/Feb/25/krill.0.5.0-released/
We have worked around the issue by transforming the child request XML file in the user interface using a toggle: https://rpki.readthedocs.io/en/latest/krill/parent-interactions.html#arin The ensured that Krill is compatible with both the old and new response file format. Once ARIN conforms to RFC 8183, this toggle will be removed in a future version. We have also fixed two blocking issues with APNIC, ensuring Krill now works with every RIR implementation. Looking forward to your feedback on this release. Cheers, Alex > On 13 Feb 2020, at 09:48, Alex Band <a...@nlnetlabs.nl> wrote: > > Hi there! > > There is also this somewhat hacky SED command to transform the Request XML > into the format that ARIN accepts, in case you’d like to use something other > than the XSL: > > https://sed.js.org/?gist=3f08fb293c8825855bb26f2865161575 > > –– Looping in John Curran > > John, I appreciate ARIN has accepted RFC 8183 compatibility as an ACSP > suggestion: > > https://www.arin.net/participate/community/acsp/suggestions/2020-3/ > > Looking at the XML though, the changes needed to make this work are one tag, > a URL and a version number. Could this please be tracked as a simple bug > instead of a "feature to include in our future RPKI improvements”? > > In the mean time I have added a warning to the documentation: > https://rpki.readthedocs.io/en/latest/krill/manage-cas.html#step-1-get-the-request-xml-file > > Thanks! > > -Alex > >> On 5 Feb 2020, at 16:48, Tim Bruijnzeels <t...@nlnetlabs.nl> wrote: >> >> Hi, >> >> Everyone is welcome to read that list of course, but the TL;DR is: >> >> ARIN currently uses a pre RFC 8183 format for the identity exchange. It >> would be good if this were updated. New versions of rpkid as well as Krill >> have issues with the old format. >> >> In the meantime this XSL provided by rpki.net can be of help: >> https://raw.githubusercontent.com/dragonresearch/rpki.net/master/potpourri/oob-translate.xsl >> >> Note: if you are planning to give Krill a try we recommend that you wait for >> version 0.5. We expect to have this version ready in 1-2 weeks. It will >> include usability improvements, better monitoring and a UI. >> >> Kind regards, >> >> Tim >> >> >> >>> On 5 Feb 2020, at 16:03, Christopher Munz-Michielin <christop...@ve7alb.ca> >>> wrote: >>> >>> Brilliant! Thanks for the write up Cynthia, I'll have a read through! >>> >>> Chris >>> >>> On 2020-02-05 1:56 a.m., Cynthia Revström wrote: >>>> (Re-sent as I forgot to include the ML the first time, oops) >>>> Hi Chris, >>>> >>>> I recently figured it out and posted it on the NLNetLabs RPKI mailing >>>> list. https://lists.nlnetlabs.nl/pipermail/rpki/2020-February/000124.html >>>> <https://lists.nlnetlabs.nl/pipermail/rpki/2020-February/000124.html> >>>> I hope it helps :) >>>> >>>> - Cynthia >>>> >>>> On Wed, Jan 29, 2020 at 6:31 PM Christopher Munz-Michielin >>>> <christop...@ve7alb.ca <mailto:christop...@ve7alb.ca>> wrote: >>>> >>>> Hi Nanog, >>>> >>>> Posting here since my Google-fu is coming up short. I'm trying to setup >>>> delegated RPKI in ARIN using rpki.net <http://rpki.net>'s rpkid Python >>>> daemon and am running into an issue submitting the identity file to ARIN's >>>> control panel. The same file submitted to RIPE's test environment at >>>> https://localcert.ripe.net/#/rpki works without issue, while submitting to >>>> ARIN results in "Invalid Identity.xml file." >>>> >>>> The guide I'm following is this one: >>>> https://github.com/dragonresearch/rpki.net/blob/master/doc/quickstart/xenial-ca.md >>>> and I'm able to get as far as generating the identity file. >>>> >>>> Wondering if anyone has gone down this road before and has any helpful >>>> hints to make this work? >>>> >>>> Cheers, >>>> Chris >>>> >> >
