Your IP address is 54.91.57.221

Filters

Announcements

Selected Country for 2015 AFRINIC INRM & IPv6 workshop

10 March 2015 - Following the call for hosting for INRM and IPv6 Workshops, we are pleased to inform you that we have finalised the list of countries to host AFRINIC Trainings in 2015.

The countries that will host trainings this year are:

  • South Africa
  • Zimbabwe
  • Algeria
  • Mauritania
  • Rwanda
  • Burundi
  • Cameroon
  • Chad
  • Nigeria
  • Togo
  • Cape Vert
  • Mauritius
  • Benin
  • Angola

The list of countries below are currently on our waiting list:

  • Sudan
  • Tanzania
  • Congo DRC
  • Guinea-Bissau
  • Burkina faso

Hosting organisations will be contacted individually at a later date for logistical details and final confirmed dates of trainings.

We take this opportunity to thank all those that expressed an interest in hosting an AFRINIC Training Workshop and look forward to another successful training season.

 

AFRINIC Training Team

 

Report on the RPKI Incident

6 March 2015 - Please find attached a PostMortem Report on the RPKI  Validation Incident  which occurred on  the 2nd of  March 2015

 

Overview of AFRINIC RPKI System

AFRINIC RPKI's system launched on 1st January 2011 is composed of an Offline root CA  and a production CA. Both CA publish objects in the RPKI repository available at

 http://rpki.afrinic.net <http://rpki.afrinic.net/>;/  rsync://rpki.afrinic.net <http://rpki.afrinic.net/>;

 

Like every CA in the RPKI, the Offline root CA maintains a CRL and a manifest for the certificates it manages and objects in its repository. http://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/ As per CA practices, the CRL and manifest are valid for 30 days

(Next update time is set to 30days). Processes and mechanisms have been put in place to refresh these objects weeks before expiration.

 

Description of the incident

The CRL and Manifest of the root CA were refreshed on the 01/28/2015  and next update set to 03/02/2015  as showed below:

 

Manifest   -------------

Object Type: RPKI Manifest

Signing time: 2015-01-28T08:01:29.000Z

Version: 0

Number: 59

This update time: 2015-01-28T08:01:28.000Z

Next update time: 2015-03-02T08:01:28.000Z

 

CRL  ---------

Certificate Revocation List (CRL):

Version 2 (0x1)

Signature Algorithm: sha256WithRSAEncryption

Issuer: /CN=AfriNIC-Root-Certificate

Last Update: Jan 28 08:01:28 2015 GMT

Next Update: Mar  2 08:01:28 2015 GMT

 

Due to some issues with internal monitoring system, this task was missed and as from 08:01 AM UTC, the 03/02/2015, the CRL and Manifest were invalid and  therefore the whole AFRINIC RPKI repository became invalid.

This was the first time this incident occurred since January 2011.

 

Actions taken

The incident was reported by a ticket opened on our support system the 03/02/2014 at 10:30 PM UTC. Investigations confirmed the issue and immediate corrective measures taken. At  5:55 AM on the 03/03/2015,  the repository has been restored to normal mode.

The internal systems and processes have been reviewed and  appropriate measures taken such as  more stringent monitoring, regular system audit, redundancy, etc  to avoid this in the future.

 

Questions or comments to   This e-mail address is being protected from spambots. You need JavaScript enabled to view it

   

Page 4 of 75