[arin-ppml] RPKI Relying Agreement

Thu Dec 4 11:26:22 EST 2014

CB:

I'd normally agree with this.  I'd rather take risk as Microsoft than have ARIN take the risk.

But consider:   We pay for ARIN services, but ARIN refuses to warranty that the services we pay for (rDNS, RPKI, and Whois) will be available.

Why doesn't the RSA warranty those basic and critical operational services?

David R Huberman
Microsoft Corporation
Principal, Global IP Addressing
________________________________
From: Ca By <cb.list6 at gmail.com>
Sent: Thursday, December 4, 2014 8:00:32 AM
To: David Huberman
Cc: Andrew Gallo; ARIN-PPML at arin.net
Subject: Re: [arin-ppml] RPKI Relying Agreement

On Thu, Dec 4, 2014 at 7:51 AM, David Huberman <David.Huberman at microsoft.com<mailto:David.Huberman at microsoft.com>> wrote:
Numerous members of the security and network engineering community and I have discussed this over the last 12 months, and the RPA is a show stopper for some of us.  Paragraphs 3 and 4 are the key. It's one way warranties (you -> ARIN), just like the RSA.

It's thorny because if you put yourself in ARIN's shoes for a moment, you have to balance the risk of bankrupting the company with the responsibility of being a trust anchor.   Unfortunately, like many ARIN legal postures, the unwillingness to take on any risk at all is problematic.

I am always told ARIN is the community.

community = networks

ARIN = commuity

networks = ARIN

Networks want to transfer risk: Network -> ARIN

ARIN wants to transfer risk from ARIN -> Networks

but, ARIN = Networks = Community ....so it is moot since transfer risk from yourself to yourself is meaningless.

That said, networks are more distributed than ARIN from a liability perspective, so better for networks to absorb risk.

No?

CB

I really hope the new Board takes this issue up again in 2015 - the unwillingness to accept any risk even though ARIN is a key part of the internet community, and the one-sidedness of its legal agreements due to same.

David R Huberman
Microsoft Corporation
Principal, Global IP Addressing

________________________________________
From: arin-ppml-bounces at arin.net<mailto:arin-ppml-bounces at arin.net> <arin-ppml-bounces at arin.net<mailto:arin-ppml-bounces at arin.net>> on behalf of Andrew Gallo <akg1330 at gmail.com<mailto:akg1330 at gmail.com>>
Sent: Thursday, December 4, 2014 7:31 AM
To: ARIN-PPML at arin.net<mailto:ARIN-PPML at arin.net>
Subject: [arin-ppml] RPKI Relying Agreement

(cross posted from NANOG)

Greetings:

In the past few months, I've spoken with, or heard second hand, from a
number of organizations that will not or cannot sign ARIN's RPKI Relying
Agreement.  Acceptance of this agreement is required in order to gain
access to ARIN's Trust Anchor Locator (TAL).

Given the size and number of these organizations that can't or wont
accept the agreement makes me wonder if this is a show stopper that will
prevent the adoption of this technology.

I've created a quick survey to get an idea of the community's take on
this agreement with the idea that if enough organizations indicate it is
unacceptable, maybe we can get this agreement changed, or as with other
regions, not explicitly required to use the TAL.

https://docs.google.com/forms/d/10RLBBpL05n1c_H4unHitlsVqNM3rZI5aXAX8iSBc_Kk/viewform?usp=send_form

Thank you
_______________________________________________
PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML at arin.net<mailto:ARIN-PPML at arin.net>).
Unsubscribe or manage your mailing list subscription at:
http://lists.arin.net/mailman/listinfo/arin-ppml
Please contact info at arin.net<mailto:info at arin.net> if you experience any issues.
_______________________________________________
PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML at arin.net<mailto:ARIN-PPML at arin.net>).
Unsubscribe or manage your mailing list subscription at:
http://lists.arin.net/mailman/listinfo/arin-ppml
Please contact info at arin.net<mailto:info at arin.net> if you experience any issues.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20141204/d6fe0bd9/attachment.htm>