<div dir="ltr"><div dir="ltr">John,<div><br></div><div>I am encouraged by these changes, however, I don't think they go far enough.</div><div><br></div><div>I've been thinking about these issues for a while now, particularly the issue of requiring a valid and binding Relying Party Agreement (RPA) on a global basis. In my opinion, this seems to run counter to at least the spirit of ICP-2. While ICP-2 deals with the formation of new RIR's, it says, "each region should be served by a single RIR." This seems to strongly imply, that an LIR (ISPs) should only have to contract with or otherwise do business with the RIR(s) for which the LIR operates within the service regions of the RIR(s).</div><div><br></div>Furthermore, if the other RIR's have similar requirements as ARIN for valid and binding RPAs on a global basis, whether through a formal contract as with ARIN or through terms expressed in the Certificate or Certificate Practice Statement (CPS) this would mean I would need to convince the lawyers at the University of Minnesota that we needed binding contracts with each of the five RIRs. To be honest, I doubt this would be achievable, and ICP-2 seems to imply this should not be necessary as we only operate our network within the ARIN service region. However, even though we only operate a network within the ARIN service region the University of Minnesota has assets around the globe, which makes the risks of contracting with the other RIRs difficult to determine but probably quite sizable.<div> <br>Further, if it is truly necessary to have binding agreements with each of the RIR's or that all operators globally need to contract with ARIN in order to validate RPKI then I think we need to rethink RPKI or at least rethink how RPKI is currently deployed. Maybe the RIRs need to contract with each other on behalf of their members and resign each other's certificates, so a binging RPA is only necessary with your home RIR, and you only need the TAL of your home RIR to validate ROA's on a global basis.</div><div><br></div><div>Thank you.</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Oct 21, 2019 at 1:01 PM John Curran <<a href="mailto:jcurran@arin.net" target="_blank">jcurran@arin.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
FYI,
<div>/John<br>
<div><br>
<blockquote type="cite">
<div>Begin forwarded message:</div>
<br>
<div style="margin:0px">
<span style="font-family:-webkit-system-font,"Helvetica Neue",Helvetica,sans-serif;color:rgb(0,0,0)"><b>From:
</b></span><span style="font-family:-webkit-system-font,"Helvetica Neue",Helvetica,sans-serif">ARIN <<a href="mailto:info@arin.net" target="_blank">info@arin.net</a>><br>
</span></div>
<div style="margin:0px">
<span style="font-family:-webkit-system-font,"Helvetica Neue",Helvetica,sans-serif;color:rgb(0,0,0)"><b>Subject:
</b></span><span style="font-family:-webkit-system-font,"Helvetica Neue",Helvetica,sans-serif"><b>[arin-announce] ARIN Announces New Relying Party Agreement (RPA) To Spur Use of RPKI</b><br>
</span></div>
<div style="margin:0px">
<span style="font-family:-webkit-system-font,"Helvetica Neue",Helvetica,sans-serif;color:rgb(0,0,0)"><b>Date:
</b></span><span style="font-family:-webkit-system-font,"Helvetica Neue",Helvetica,sans-serif">21 October 2019 at 10:52:40 AM PDT<br>
</span></div>
<div style="margin:0px">
<span style="font-family:-webkit-system-font,"Helvetica Neue",Helvetica,sans-serif;color:rgb(0,0,0)"><b>To:
</b></span><span style="font-family:-webkit-system-font,"Helvetica Neue",Helvetica,sans-serif"><<a href="mailto:arin-announce@arin.net" target="_blank">arin-announce@arin.net</a>><br>
</span></div>
<div>
<div><br>
Today, ARIN published a new Relying Party Agreement (RPA) for RPKI.<br>
<br>
Visit: <a href="https://www.arin.net/resources/manage/rpki/rpa.pdf" target="_blank">https://www.arin.net/resources/manage/rpki/rpa.pdf</a><br>
<br>
Background: In response to feedback from the community, ARIN had<br>
previously updated its processes to allow organizations to directly<br>
download our Trust Anchor Locator (TAL) from our website, noting that by<br>
doing so they were agreeing to be bound by the RPA. This was intended to<br>
accommodate and overcome claimed barriers to RPKI adoption.<br>
<br>
Visit: <a href="https://www.arin.net/resources/manage/rpki/tal/" target="_blank">https://www.arin.net/resources/manage/rpki/tal/</a><br>
<br>
Today’s new RPA includes modifications to address constructive<br>
suggestions that have been raised by members of the community both<br>
publicly and directly with ARIN. ARIN has included the following changes<br>
in the RPA:<br>
<br>
* The ability to make available the ARIN RPKI information to any<br>
third party for informational purposes (e.g. reporting, educational,<br>
research, summary or statistical purposes) has been expanded to allow<br>
for distribution in machine-readable formats; and<br>
<br>
* The RPA’s indemnification clause has been more narrowly scoped to<br>
exclude the indemnification of possible ARIN misconduct.<br>
<br>
ARIN has also now made a Redistributor RPA available for qualified<br>
organizations that wish to distribute RPKI-related data for purposes not<br>
covered in this standard RPA, including but not limited to distribution<br>
for real-time routing purposes. Interested organizations should contact<br>
ARIN via the information available on the Trust Anchor Locator page on<br>
our website.<br>
<br>
Visit: <a href="https://www.arin.net/resources/manage/rpki/rpa_redistributor.pdf" target="_blank">
https://www.arin.net/resources/manage/rpki/rpa_redistributor.pdf</a><br>
<br>
ARIN hopes that these additional changes to the RPA, alongside<br>
simplified access to the TAL, will encourage organizations’ adoption of<br>
RPKI to secure Internet routing.<br>
<br>
<br>
Regards,<br>
<br>
John Curran<br>
President and CEO<br>
American Registry for Internet Numbers (ARIN)<br>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
_______________________________________________<br>
ARIN-PPML<br>
You are receiving this message because you are subscribed to<br>
the ARIN Public Policy Mailing List (<a href="mailto:ARIN-PPML@arin.net" target="_blank">ARIN-PPML@arin.net</a>).<br>
Unsubscribe or manage your mailing list subscription at:<br>
<a href="https://lists.arin.net/mailman/listinfo/arin-ppml" rel="noreferrer" target="_blank">https://lists.arin.net/mailman/listinfo/arin-ppml</a><br>
Please contact <a href="mailto:info@arin.net" target="_blank">info@arin.net</a> if you experience any issues.<br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr">===============================================<br>David Farmer <a href="mailto:Email%3Afarmer@umn.edu" target="_blank">Email:farmer@umn.edu</a><br>Networking & Telecommunication Services<br>Office of Information Technology<br>University of Minnesota <br>2218 University Ave SE Phone: 612-626-0815<br>Minneapolis, MN 55414-3029 Cell: 612-812-9952<br>=============================================== </div>
</div>