[RPKI] Krill 0.9.3 'The Thundering Herd' released, and our production set up.

Tim Bruijnzeels tim at nlnetlabs.nl
Tue Dec 14 14:55:11 UTC 2021

Dear list,

We just released Krill 0.9.3 'The Thundering Herd'.

We took this release as an opportunity to upgrade our own set-up of our
RPKI CA. We enabled multi-user logins and use our own Publication Server.
We made a blog post about how we got here, hoping that it can help others
to have an example:


All users are encouraged to update to this release because it includes a
fix to re-issue ROAs to ensure that short EE subject names are used (#700).
This issue is not critical, because no current RPKI validators reject the
long subject names used by Krill (pre 0.9.3), but strictly speaking Krill
should honour the 64 character limit - which it now does.

Other than this, the release includes features which are aimed at operators
who use Krill to operate an RPKI Repository, or have many parents configured
for their CAs:
- Prevent a thundering herd of hosted CAs publishing at the same time (#692) 
- Handle rate limits when updating parents (#680)

Finally, this version introduces experimental support for ASPA - a new
standard for customer to provider authorisations which is currently being
discussed in the IETF. In order to use this you will have to build Krill
manually using 'cargo --features aspa'. More information on how to use
Krill to manage ASPA objects can be found here:

The full list of changes can be found here:

Kind regards,

On behalf of the NLnet Labs RPKI Team,


More information about the RPKI mailing list