[arin-ppml] ARIN Announces New Relying Party Agreement (RPA) To Spur Use of RPKI

David Farmer farmer at umn.edu
Mon Oct 21 15:34:36 EDT 2019


I am encouraged by these changes, however, I don't think they go far enough.

I've been thinking about these issues for a while now, particularly the
issue of requiring a valid and binding Relying Party Agreement (RPA) on a
global basis. In my opinion, this seems to run counter to at least the
spirit of ICP-2. While ICP-2 deals with the formation of new RIR's, it
says, "each region should be served by a single RIR."  This seems to
strongly imply, that an LIR (ISPs) should only have to contract with or
otherwise do business with the RIR(s) for which the LIR operates within the
service regions of the RIR(s).

Furthermore, if the other RIR's have similar requirements as ARIN for valid
and binding RPAs on a global basis, whether through a formal contract as
with ARIN or through terms expressed in the Certificate or Certificate
Practice Statement (CPS) this would mean I would need to convince the
lawyers at the University of Minnesota that we needed binding contracts
with each of the five RIRs. To be honest, I doubt this would be achievable,
and ICP-2 seems to imply this should not be necessary as we only operate
our network within the ARIN service region. However, even though we only
operate a network within the ARIN service region the University of
Minnesota has assets around the globe, which makes the risks of contracting
with the other RIRs difficult to determine but probably quite sizable.

Further, if it is truly necessary to have binding agreements with each of
the RIR's or that all operators globally need to contract with ARIN in
order to validate RPKI then I think we need to rethink RPKI or at least
rethink how RPKI is currently deployed. Maybe the RIRs need to contract
with each other on behalf of their members and resign each other's
certificates, so a binging RPA is only necessary with your home RIR, and
you only need the TAL of your home RIR to validate ROA's on a global basis.

Thank you.

On Mon, Oct 21, 2019 at 1:01 PM John Curran <jcurran at arin.net> wrote:

> FYI,
> /John
> Begin forwarded message:
> *From: *ARIN <info at arin.net>
> *Subject: **[arin-announce] ARIN Announces New Relying Party Agreement
> (RPA) To Spur Use of RPKI*
> *Date: *21 October 2019 at 10:52:40 AM PDT
> *To: *<arin-announce at arin.net>
> Today, ARIN published a new Relying Party Agreement (RPA) for RPKI.
> Visit: https://www.arin.net/resources/manage/rpki/rpa.pdf
> Background: In response to feedback from the community, ARIN had
> previously updated its processes to allow organizations to directly
> download our Trust Anchor Locator (TAL) from our website, noting that by
> doing so they were agreeing to be bound by the RPA. This was intended to
> accommodate and overcome claimed barriers to RPKI adoption.
> Visit: https://www.arin.net/resources/manage/rpki/tal/
> Today’s new RPA includes modifications to address constructive
> suggestions that have been raised by members of the community both
> publicly and directly with ARIN. ARIN has included the following changes
> in the RPA:
>  *  The ability to make available the ARIN RPKI information to any
> third party for informational purposes (e.g. reporting, educational,
> research, summary or statistical purposes) has been expanded to allow
> for distribution in machine-readable formats; and
>  *  The RPA’s indemnification clause has been more narrowly scoped to
> exclude the indemnification of possible ARIN misconduct.
> ARIN has also now made a Redistributor RPA available for qualified
> organizations that wish to distribute RPKI-related data for purposes not
> covered in this standard RPA, including but not limited to distribution
> for real-time routing purposes. Interested organizations should contact
> ARIN via the information available on the Trust Anchor Locator page on
> our website.
> Visit: https://www.arin.net/resources/manage/rpki/rpa_redistributor.pdf
> ARIN hopes that these additional changes to the RPA, alongside
> simplified access to the TAL, will encourage organizations’ adoption of
> RPKI to secure Internet routing.
> Regards,
> John Curran
> President and CEO
> American Registry for Internet Numbers (ARIN)
> _______________________________________________
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> https://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.

David Farmer               Email:farmer at umn.edu
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota
2218 University Ave SE        Phone: 612-626-0815
Minneapolis, MN 55414-3029   Cell: 612-812-9952
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20191021/4f35ed8a/attachment-0001.htm>

More information about the ARIN-PPML mailing list