[arin-ppml] Revisit RPKI TAL Relying Party Agreement?

John Curran jcurran at arin.net
Mon Jan 30 14:49:57 EST 2017 

On 30 Jan 2017, at 3:42 AM, Job Snijders <job at ntt.net<mailto:job at ntt.net>> wrote:

What stands out to me is that (as example) the RIPE NCC RPKI Validator
ships with materials from all the RIRs, except ARIN. The RPKI Validator
is a commonly used software package to interact with the RPKI.

   https://github.com/RIPE-NCC/rpki-validator/tree/master/rpki-validator-app/conf/tal
   (notice that LACNIC, AfriNIC, APNIC, RIPE NCC are all there)

As such, the RPKI Validator (out of the box) is not complete. I
attribute this to ARIN's RPA. This phenomenon puts a burden on every
organisation wishing to use RPKI.

I view this as a shortcoming of the ecosystem and detrimental to our
efforts maintain a secure routing system.

Of course any party can read the RPA and (if they agree) download the
ARIN TAL and add it to their RPKI Validator installation, but I strongly
prefer an ecosystem which out-of-the-box is operating in a secure mode.
I'd argue that ARIN has an obligation to its members to make these
materials unencumbered by legal constraints and freely available to
anyone.

Job -

   In order to better understand your request regarding the differences between
   ARIN and the other RIR’s re how the TAL is made available, I need to inquire
   about your assertion that ARIN should "make these materials unencumbered
   by legal constraints and freely available to anyone”

   Is it your belief that other RIRs presently make these materials available without
   legal constraints?   A quick review would show that is not the case; for example,
   access RIPE’s RPKI CA repository data binds one to RIPE’s RPKI repository Terms
   and Conditions <https://www.ripe.net/manage-ips-and-asns/resource-management/certification/legal/ripe-ncc-certification-repository-terms-and-conditions>

   Is it the presence of legal constraints that it is the concern, or the fact that ARIN
   requires explicit downloading (and thus awareness of this fact) that is the issue?

   Note that wee did streamline access to the TAL recently (by making it a simple
   download from the web rather than requiring explicitly agreement acceptance
   and download via email link); in this manner, getting ARIN’s TAL should not
   be much more difficult then obtaining the typical software library.

Thanks for any insight you can provide,
/John

John Curran
President and CEO
ARIN





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20170130/9af1b93d/attachment.htm>

More information about the ARIN-PPML mailing list