Final update: On April 1st ARIN deployed support for the RFC 8183 RPKI key exchange format: https://www.arin.net/vault/participate/acsp/suggestions/2020-3.html
You will no longer need the “ARIN Compatible" toggle in Krill as described in the previous email. The toggle will be removed in version 0.6, due next week. -Alex > On 25 Feb 2020, at 13:40, Alex Band <a...@nlnetlabs.nl> wrote: > > An update: > > The setup process with ARIN has now been fixed in Krill 0.5.0, which was just > released: > https://www.nlnetlabs.nl/news/2020/Feb/25/krill.0.5.0-released/ > > We have worked around the issue by transforming the child request XML file in > the user interface using a toggle: > https://rpki.readthedocs.io/en/latest/krill/parent-interactions.html#arin > > The ensured that Krill is compatible with both the old and new response file > format. Once ARIN conforms to RFC 8183, this toggle will be removed in a > future version. We have also fixed two blocking issues with APNIC, ensuring > Krill now works with every RIR implementation. > > Looking forward to your feedback on this release. > > Cheers, > > Alex > >> On 13 Feb 2020, at 09:48, Alex Band <a...@nlnetlabs.nl> wrote: >> >> Hi there! >> >> There is also this somewhat hacky SED command to transform the Request XML >> into the format that ARIN accepts, in case you’d like to use something other >> than the XSL: >> >> https://sed.js.org/?gist=3f08fb293c8825855bb26f2865161575 >> >> –– Looping in John Curran >> >> John, I appreciate ARIN has accepted RFC 8183 compatibility as an ACSP >> suggestion: >> >> https://www.arin.net/participate/community/acsp/suggestions/2020-3/ >> >> Looking at the XML though, the changes needed to make this work are one tag, >> a URL and a version number. Could this please be tracked as a simple bug >> instead of a "feature to include in our future RPKI improvements”? >> >> In the mean time I have added a warning to the documentation: >> https://rpki.readthedocs.io/en/latest/krill/manage-cas.html#step-1-get-the-request-xml-file >> >> Thanks! >> >> -Alex >> >>> On 5 Feb 2020, at 16:48, Tim Bruijnzeels <t...@nlnetlabs.nl> wrote: >>> >>> Hi, >>> >>> Everyone is welcome to read that list of course, but the TL;DR is: >>> >>> ARIN currently uses a pre RFC 8183 format for the identity exchange. It >>> would be good if this were updated. New versions of rpkid as well as Krill >>> have issues with the old format. >>> >>> In the meantime this XSL provided by rpki.net can be of help: >>> https://raw.githubusercontent.com/dragonresearch/rpki.net/master/potpourri/oob-translate.xsl >>> >>> Note: if you are planning to give Krill a try we recommend that you wait >>> for version 0.5. We expect to have this version ready in 1-2 weeks. It will >>> include usability improvements, better monitoring and a UI. >>> >>> Kind regards, >>> >>> Tim >>> >>> >>> >>>> On 5 Feb 2020, at 16:03, Christopher Munz-Michielin >>>> <christop...@ve7alb.ca> wrote: >>>> >>>> Brilliant! Thanks for the write up Cynthia, I'll have a read through! >>>> >>>> Chris >>>> >>>> On 2020-02-05 1:56 a.m., Cynthia Revström wrote: >>>>> (Re-sent as I forgot to include the ML the first time, oops) >>>>> Hi Chris, >>>>> >>>>> I recently figured it out and posted it on the NLNetLabs RPKI mailing >>>>> list. https://lists.nlnetlabs.nl/pipermail/rpki/2020-February/000124.html >>>>> <https://lists.nlnetlabs.nl/pipermail/rpki/2020-February/000124.html> >>>>> I hope it helps :) >>>>> >>>>> - Cynthia >>>>> >>>>> On Wed, Jan 29, 2020 at 6:31 PM Christopher Munz-Michielin >>>>> <christop...@ve7alb.ca <mailto:christop...@ve7alb.ca>> wrote: >>>>> >>>>> Hi Nanog, >>>>> >>>>> Posting here since my Google-fu is coming up short. I'm trying to setup >>>>> delegated RPKI in ARIN using rpki.net <http://rpki.net>'s rpkid Python >>>>> daemon and am running into an issue submitting the identity file to >>>>> ARIN's control panel. The same file submitted to RIPE's test environment >>>>> at https://localcert.ripe.net/#/rpki works without issue, while >>>>> submitting to ARIN results in "Invalid Identity.xml file." >>>>> >>>>> The guide I'm following is this one: >>>>> https://github.com/dragonresearch/rpki.net/blob/master/doc/quickstart/xenial-ca.md >>>>> and I'm able to get as far as generating the identity file. >>>>> >>>>> Wondering if anyone has gone down this road before and has any helpful >>>>> hints to make this work? >>>>> >>>>> Cheers, >>>>> Chris >>>>> >>> >>
