At present, TALs are largely static, and because Relying Parties rely on them to find out the public key of a particular Trust Anchor's signature, it's difficult for RIRs to replace their Trust Anchor keys. This is a security liability of the RPKI at large.
There are ongoing efforts to standardize a secure and automatic TAL update mechanism, and FORT should implement it as soon as possible.
At present, TALs are largely static, and because Relying Parties rely on them to find out the public key of a particular Trust Anchor's signature, it's difficult for RIRs to replace their Trust Anchor keys. This is a security liability of the RPKI at large.
There are ongoing efforts to standardize a secure and automatic TAL update mechanism, and FORT should implement it as soon as possible.
The draft is draft-ietf-sidrops-signed-tal.