<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
On Dec 4, 2014, at 11:26 AM, David Huberman <<a href="mailto:David.Huberman@microsoft.com" class="">David.Huberman@microsoft.com</a>> wrote:<br class="">
<div>
<blockquote type="cite" class=""><br class="Apple-interchange-newline">
<div class="">
<div class="">I'd normally agree with this. I'd rather take risk as Microsoft than have ARIN take the risk.<br class="">
<br class="">
But consider: We pay for ARIN services, but ARIN refuses to warranty that the services we pay for (rDNS, RPKI, and Whois) will be available.
<br class="">
<br class="">
Why doesn't the RSA warranty those basic and critical operational services?</div>
</div>
</blockquote>
<br class="">
</div>
<div>The reason that the RIRs have disclaimer of warranty and indemnification clauses </div>
<div>for RPKI services is actually quite simple: despite striving to deliver highly available </div>
<div>RPKI services, you are supposed to be using best practices in use of the service, </div>
<div>and this include recognizing that failures can occur and such should not result in </div>
<div>operation impact (i.e. exactly the opposite of your “my routing decisions are affected </div>
<div>and breakage happens” statement in your prior email.) Specifically, your RPKI </div>
<div>deployment approach should be following known operational best practices for </div>
<div>RPKI, such as those in RFC 7115 / BCP 185, "Origin Validation Operation Based </div>
<div>on the Resource Public Key Infrastructure (RPKI)” - </div>
<div>
<div class=""> “… Local policy using relative preference is suggested to manage the uncertainty </div>
<div class=""> associated with a system in early deployment; local policy can be applied to</div>
<div class=""> eliminate the threat of unreachability of prefixes due to ill-advised certification </div>
<div class=""> policies and/or incorrect certification data. “</div>
<div class=""><br class="">
</div>
<div class="">Note that the claims that could ensue from an operator failing to follow best practices</div>
<div class="">and then third-parties suffering an major operational outage is likely to be large and</div>
<div class="">extremely protracted, with potential for endangering the registry itself due to the nature </div>
<div class="">of litigation and its requirement to actually go to all the way to trial in order to be able </div>
<div class="">to then introduce evidence and prove that the RPKI services were operating properly </div>
<div class="">at the time of the event. If the RIRs did not seek indemnification for use of the RPKI </div>
<div class="">services, then all of their other registry services could potentially be put at risk due to </div>
<div class="">the need to defend errant litigation, even presuming perfect RPKI service delivery. </div>
<div class="">Undertaking that risk to the other services that everyone else presently rely upon </div>
<div class="">(Whois, reverse DNS) is not reasonable particularly during this time when the RPKI </div>
<div class="">parties are supposed to be deploying via conservative routing preference practices.</div>
<div class=""><br class="">
</div>
<div class="">ARIN does make the expectations very clear and explicit in its agreements, and that</div>
<div class="">is different from the other RIRs. Again, are the other RIR RPKI non-warranty and </div>
<div class="">indemnification clauses equally problematic for you, or is the fact that they are </div>
<div class="">implicitly bound address your concerns? This has come up before on the NANOG </div>
<div class="">mailing list (see attached) but it was unclear if the outcome was an expectation that</div>
<div class="">all RIRs should drop these clauses, or that ARIN should make agreement to them </div>
<div class="">be implicit.</div>
<div class=""><br class="">
</div>
<div class="">Thanks!</div>
<div class="">/John</div>
<div class=""><br class="">
</div>
<div class="">John Curran</div>
<div class="">President and CEO</div>
<div class="">ARIN</div>
<div class=""><br class="">
</div>
<div class="">===</div>
<div class="">
<blockquote type="cite" class="">
<div class="">Begin forwarded message:</div>
<br class="Apple-interchange-newline">
<div style="margin: 0px;" class=""><span style="font-family: -webkit-system-font, 'Helvetica Neue', Helvetica, sans-serif;" class=""><b class="">Subject: </b></span><span style="font-family: -webkit-system-font, 'Helvetica Neue', Helvetica, sans-serif;" class=""><b class="">Re:
APNIC RPKI TAL agreement</b><br class="">
</span></div>
<div style="margin: 0px;" class=""><span style="font-family: -webkit-system-font, 'Helvetica Neue', Helvetica, sans-serif;" class=""><b class="">From: </b></span><span style="font-family: -webkit-system-font, 'Helvetica Neue', Helvetica, sans-serif;" class="">John
Curran <<a href="mailto:jcurran@arin.net" class="">jcurran@arin.net</a>><br class="">
</span></div>
<div style="margin: 0px;" class=""><span style="font-family: -webkit-system-font, 'Helvetica Neue', Helvetica, sans-serif;" class=""><b class="">Date: </b></span><span style="font-family: -webkit-system-font, 'Helvetica Neue', Helvetica, sans-serif;" class="">October
16, 2014 at 7:30:48 PM EDT<br class="">
</span></div>
<div style="margin: 0px;" class=""><span style="font-family: -webkit-system-font, 'Helvetica Neue', Helvetica, sans-serif;" class=""><b class="">Cc: </b></span><span style="font-family: -webkit-system-font, 'Helvetica Neue', Helvetica, sans-serif;" class="">Wes
George <<a href="mailto:wesley.george@twcable.com" class="">wesley.george@twcable.com</a>>, Randy Bush <<a href="mailto:randy@psg.com" class="">randy@psg.com</a>>, "Geoff Huston" <<a href="mailto:gih@apnic.net" class="">gih@apnic.net</a>><br class="">
</span></div>
<div style="margin: 0px;" class=""><span style="font-family: -webkit-system-font, 'Helvetica Neue', Helvetica, sans-serif;" class=""><b class="">To: </b></span><span style="font-family: -webkit-system-font, 'Helvetica Neue', Helvetica, sans-serif;" class="">Michael
Sinatra <<a href="mailto:michael@burnttofu.net" class="">michael@burnttofu.net</a>><br class="">
</span></div>
<br class="">
<div class="">On Oct 16, 2014, at 3:19 PM, Michael Sinatra <<a href="mailto:michael@burnttofu.net" class="">michael@burnttofu.net</a>> wrote:<br class="">
<br class="">
<blockquote type="cite" class="">Hi John:<br class="">
<br class="">
At NANOG 62, you mentioned that APNIC has a similar agreement as ARIN to<br class="">
use its trust-anchor locator (TAL), but that it is not a click-through<br class="">
agreement like ARIN's. I have searched using basic google-foo for this<br class="">
agreement, and have also looked on APNIC's certificate rsync server<br class="">
(which also has an HTTP interface) and I can't find it. Can you, or any<br class="">
other recipient of this message who is familiar with the APNIC<br class="">
agreement, point me in the right direction?<br class="">
</blockquote>
<br class="">
Michael - <br class="">
<br class="">
Review <<a href="http://www.apnic.net/services/manage-resources/digital-certificates/terms-and-conditions" class="">http://www.apnic.net/services/manage-resources/digital-certificates/terms-and-conditions</a>> <br class="">
wherein there is a limitation of liability and requirement that a recipient of any digital certificate <br class="">
will indemnify APNIC against any and all claims by third parties for damages of any kind arising <br class="">
from the use of that certificate. (last two bullets)<br class="">
<br class="">
/John<br class="">
<br class="">
John Curran<br class="">
President and CEO<br class="">
ARIN<br class="">
</div>
</blockquote>
</div>
<div class=""><br class="">
</div>
<div class=""><br class="">
</div>
<div class=""><br class="">
</div>
<div class=""><br class="">
</div>
<div class=""><br class="">
</div>
</div>
</body>
</html>