[arin-discuss] Question about the ARIN Relying Party Agreement - RPKI 'everyone must sign' and such...
John Curran
jcurran at arin.net
Wed Dec 5 16:02:59 EST 2012
On Dec 5, 2012, at 2:52 PM, Owen DeLong <owen at delong.com> wrote:
> $ME <-> $MY_ISP <-> $TRANSIT_ISP_1 <-> $TRANSIT_ISP_2 <-> $OTHER_ISP <-> $WEBSITE
>
> It's possible that I have indemnified $MY_ISP. It's possible that $WEBSITE
> has indemnified $OTHER_ISP.
>
> It's very unlikely that either of us has indemnified $TRANSITE_ISP_1 or
> $TRANSIT_ISP_2 or has a contract with either of them at all.
>
> I may not be able to hold $MY_ISP liable, but that doesn't necessarily
> prevent me from suing any of the other ISPs down the chain. Of that
> chain, the only one likely to be indemnified by the $WEBSITE I'm
> trying to reach would be $OTHER_ISP.
Of course, nothing prevents you from suing anyone you wish...
(Welcome to the US legal system) However, in the scenario above
you also don't have any services being provided to you by those
intermediate parties, whereas with RPKI you are making use of,
and relying specifically upon, ARIN's CA and RPKI services.
This changes the situation significantly from a liability
perspective.
The guidance from the Board is to provide these new services
without incurring significant additional risk to our mission.
It is not solely a legal concern; making use of RPKI without
appropriate safeguard (such as following best practices for
handling route preferences) could readily result in serious
impacts to uninvolved parties. We believe that accomplished
the goal of providing the services a minimum of effort required
for relying parties in the form of a simple acknowledgment of
the RPA when obtaining the ARIN's TAL.
FYI,
/John
John Curran
President and CEO
ARIN
More information about the ARIN-discuss
mailing list