[arin-discuss] Question about the ARIN Relying Party Agreement - RPKI 'everyone must sign' and such...

[John Curran]

On Dec 4, 2012, at 3:18 PM, Christopher Morrow <morrowc.lists at gmail.com> wrote:

> This seems, to me, mean that people outside the ARIN region, those
> like in RIPE area, will have to sign something they don't know they
> have to sign and ??

Chris - 
 
The only parties that need to acknowledge that RPA are relying parties,
and the need to do this once to obtain the TAL.

This step insures that relying parties are aware of the terms and 
conditions associated with ARIN's CA prior to building reliance upon 
its capabilities, and is baseline requirement contained in RFC 5280 
for prospective relying parties prior to them relying on the 
authentication or non-repudiation services associated with the public 
key in a particular certificate. 

Acknowledging the RPA occurs once with the download of ARIN's TAL;
while it is an additional step, it's likely to be relatively small
compared to the myriad of other tasks involved in setup of any RPKI-
based validation.

This is also important to ARIN as an organization, as having a record 
that parties will not rely on the RPKI services at this time for life-
critical or environmentally critical (as an example) could be important
in some circumstances, and protecting ARIN in the rollout of this new
service was deemed a priority by the Board.

I encourage discussion of this topic, both here and at our April meeting;
I hope this information is helpful input to that process.

Thanks!
/John

John Curran
President and CEO
ARIN