<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
</head>
<body>
CB:<br>
<br>
I'd normally agree with this. I'd rather take risk as Microsoft than have ARIN take the risk.<br>
<br>
But consider: We pay for ARIN services, but ARIN refuses to warranty that the services we pay for (rDNS, RPKI, and Whois) will be available.
<br>
<br>
Why doesn't the RSA warranty those basic and critical operational services?<br>
<br>
David R Huberman<br>
Microsoft Corporation<br>
Principal, Global IP Addressing<br>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> Ca By <cb.list6@gmail.com><br>
<b>Sent:</b> Thursday, December 4, 2014 8:00:32 AM<br>
<b>To:</b> David Huberman<br>
<b>Cc:</b> Andrew Gallo; ARIN-PPML@arin.net<br>
<b>Subject:</b> Re: [arin-ppml] RPKI Relying Agreement</font>
<div> </div>
</div>
<div>
<div dir="ltr"><br>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Thu, Dec 4, 2014 at 7:51 AM, David Huberman <span dir="ltr">
<<a href="mailto:David.Huberman@microsoft.com" target="_blank">David.Huberman@microsoft.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Numerous members of the security and network engineering community and I have discussed this over the last 12 months, and the RPA is a show stopper for some of us. Paragraphs 3 and 4 are the key. It's one way warranties (you -> ARIN), just like the RSA.<br>
<br>
It's thorny because if you put yourself in ARIN's shoes for a moment, you have to balance the risk of bankrupting the company with the responsibility of being a trust anchor. Unfortunately, like many ARIN legal postures, the unwillingness to take on any risk
at all is problematic.<br>
<br>
</blockquote>
<div><br>
</div>
<div>I am always told ARIN is the community. </div>
<div><br>
</div>
<div>community = networks</div>
<div><br>
</div>
<div>ARIN = commuity</div>
<div><br>
</div>
<div>networks = ARIN</div>
<div><br>
</div>
<div>Networks want to transfer risk: Network -> ARIN</div>
<div><br>
</div>
<div>ARIN wants to transfer risk from ARIN -> Networks</div>
<div><br>
</div>
<div>but, ARIN = Networks = Community ....so it is moot since transfer risk from yourself to yourself is meaningless.</div>
<div><br>
</div>
<div>That said, networks are more distributed than ARIN from a liability perspective, so better for networks to absorb risk.</div>
<div><br>
</div>
<div>No?</div>
<div><br>
CB</div>
<div> </div>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I really hope the new Board takes this issue up again in 2015 - the unwillingness to accept any risk even though ARIN is a key part of the internet community, and the one-sidedness of its legal agreements due to same.<br>
<br>
David R Huberman<br>
Microsoft Corporation<br>
Principal, Global IP Addressing<br>
<br>
________________________________________<br>
From: <a href="mailto:arin-ppml-bounces@arin.net">arin-ppml-bounces@arin.net</a> <<a href="mailto:arin-ppml-bounces@arin.net">arin-ppml-bounces@arin.net</a>> on behalf of Andrew Gallo <<a href="mailto:akg1330@gmail.com">akg1330@gmail.com</a>><br>
Sent: Thursday, December 4, 2014 7:31 AM<br>
To: <a href="mailto:ARIN-PPML@arin.net">ARIN-PPML@arin.net</a><br>
Subject: [arin-ppml] RPKI Relying Agreement<br>
<div class="HOEnZb">
<div class="h5"><br>
(cross posted from NANOG)<br>
<br>
<br>
Greetings:<br>
<br>
In the past few months, I've spoken with, or heard second hand, from a<br>
number of organizations that will not or cannot sign ARIN's RPKI Relying<br>
Agreement. Acceptance of this agreement is required in order to gain<br>
access to ARIN's Trust Anchor Locator (TAL).<br>
<br>
Given the size and number of these organizations that can't or wont<br>
accept the agreement makes me wonder if this is a show stopper that will<br>
prevent the adoption of this technology.<br>
<br>
I've created a quick survey to get an idea of the community's take on<br>
this agreement with the idea that if enough organizations indicate it is<br>
unacceptable, maybe we can get this agreement changed, or as with other<br>
regions, not explicitly required to use the TAL.<br>
<br>
<a href="https://docs.google.com/forms/d/10RLBBpL05n1c_H4unHitlsVqNM3rZI5aXAX8iSBc_Kk/viewform?usp=send_form" target="_blank">https://docs.google.com/forms/d/10RLBBpL05n1c_H4unHitlsVqNM3rZI5aXAX8iSBc_Kk/viewform?usp=send_form</a><br>
<br>
<br>
<br>
Thank you<br>
_______________________________________________<br>
PPML<br>
You are receiving this message because you are subscribed to<br>
the ARIN Public Policy Mailing List (<a href="mailto:ARIN-PPML@arin.net">ARIN-PPML@arin.net</a>).<br>
Unsubscribe or manage your mailing list subscription at:<br>
<a href="http://lists.arin.net/mailman/listinfo/arin-ppml" target="_blank">http://lists.arin.net/mailman/listinfo/arin-ppml</a><br>
Please contact <a href="mailto:info@arin.net">info@arin.net</a> if you experience any issues.<br>
_______________________________________________<br>
PPML<br>
You are receiving this message because you are subscribed to<br>
the ARIN Public Policy Mailing List (<a href="mailto:ARIN-PPML@arin.net">ARIN-PPML@arin.net</a>).<br>
Unsubscribe or manage your mailing list subscription at:<br>
<a href="http://lists.arin.net/mailman/listinfo/arin-ppml" target="_blank">http://lists.arin.net/mailman/listinfo/arin-ppml</a><br>
Please contact <a href="mailto:info@arin.net">info@arin.net</a> if you experience any issues.<br>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</body>
</html>