Re: ARIN's RPKI Relying agreement

[Jared Mauch <jared () puck nether net>]

> On Dec 4, 2014, at 2:19 PM, John Curran <jcurran () arin net> wrote:
>
> On Dec 4, 2014, at 1:19 PM, Jared Mauch <jared () puck nether net> wrote:
> > I (similar to Rob) have my own concerns about RPKI but do feel that
> > this is an ARIN specific construct/wall that has been raised without
> > action yet from ARIN.  
>
> Jared - 
>
>  Please be specific - are you referring to the indemnification clauses
>  (which are existing in other RIRs as well), the method of agreement, 
>  or not having ready access to the TAL, i.e. the click-accept access?

I have other technical and administrative concerns which I won’t go into
great detail here about.

> > The fact that the meeting was 2 months ago and you have not acted/discussed
> > with your counsel says everything I need to know about the situation, your
> > personal motives and your personal desires for the outcomes.  I hope it
> > doesn’t represent your employer and that the ARIN Board brings it up with you.
>
>  Incorrect.  Despite the lack of clarity, we started work on 27 October 
>  with both inside and external counsel regarding drafting some updates
>  to the RPKI legal framework.  This effort should be ready to be brought
>  to the ARIN Board in January for their consideration, but it would be 
>  helpful to have more clarity on the concerns (i.e. is it access to the 
>  TAL, or the requirement for explicit agreement to terms and conditions, 
>  or the presence of indemnification/warrant-disclaimer language regardless
>  of method of binding)

the fact it’s taken 3 months to reach the board is of concern to me for an issue
that was raised (prior to the October meeting) by operators, and where you
were an active part of the discussion afterwards in the back of the plenary
room.  While you asked Wes, I certainly felt I was clear in telling you
Yes that letting the existing RSA where you claimed also covered this would
protect ARIN.  If you have not discussed this with counsel since then, that
feels to me like something that should have already occurred.  Perhaps you
are waiting until January though, I don’t know your thought process but
it seems that a few months is enough time for it to occur (IMHO).

>  At present, I am working on addressing the TAL access and the explicit 
>  agreement concerns that were raised during Wes's NANOG session.  These 
>  are relatively straightforward to work with counsel and propose to the 
>  ARIN Board for their consideration.  The issue of indemnification is far 
>  more challenging, and hence my reason for asking about the underlying 
>  need for such and how folks are handling its presence in other RIR RPKI 
>  terms and conditions.

The actions of ARIN here speak volumes to the contempt that we observe
towards those desiring to do standards body work on RPKI.  This concerns
me in my role of obtaining ARIN resources.  I also wonder what other ways
that ARIN has displeasure in the members that it’s not publicly voicing
or making apparent.

I’m also willing to accept that I may be sleep deprived, grumpy and that
everyone here has hit upon a nerve about the RPA which I see as unresolved.

At the last IETF meeting I raised the issue that if this (RPKI) goes poorly
in its deployment, here we would just be turning it off if there was some
catastrophic protocol or operational issue.  People depend upon the internet
to work and anything to reduce the reliability of it won’t be widely used.

I am hoping that ARIN will be a partner in these activities vs what feels like
feet dragging along the way.  RPKI/SIDR may not be successful in the long
term, but until that outcome is reached, we need ARIN to be part of
the community and your leadership here is welcome and necessary.

- Jared