[arin-ppml] RPKI Relying Agreement

[John Curran]

On Dec 4, 2014, at 5:07 PM, Adam Thompson <athompso at athompso.net> wrote:
> 
> If ARIN's legal counsel feels there is no way to avoid requiring *explicit* legal agreement prior to using RPKI data (as distinct from *publishing* RPKI data) then I would suggest that there is a clear community consensus just based on what I've heard here and at ARIN 34.
> 
> Unfortunately, the dialog between ARIN and its community boils down to "the business and legal climate in the United States is too hostile to permit easy and widespread use of RPKI data".
> 
> If ARIN can't find a way around that problem, perhaps they should consider reincorporating somewhere more conducive to business... 

Adam - 
 
  As noted already, having a click-accept RPA provides higher certainty when managing
  litigation risk from those relying on RPKI data.  Another option to simply state the terms
  (e.g. indemnification) that apply to those using your CA, and then rely on implicit binding. 
  A third-option is to include the necessary language in an existing agreement (such as 
  the member or registry agreement) and not worrying about those who are just 
  accessing the data.

  Each RIR is taking their own approach to this problem, and you’re unlikely to find a 
  jurisdiction where services can be offered with _no_ risk at all (note - if you do find such 
  a place, then it’s so "conducive to business” that your own service providers are likely
  to have no obligations to you…)

  We can switch to an implied agreement (as has been used in other regions); if that 
  does address the concern, it means that folks are more willing to be implicitly bound
  by terms unseen than explicitly accepting an agreement with known terms.

/John

John Curran
President and CEO
ARIN