Re: ARIN RPKI TAL deployment issues

[Job Snijders <job () ntt net>]

Dear John,

On Tue, Sep 25, 2018 at 08:28:54PM +0000, John Curran wrote:
> On 25 Sep 2018, at 3:34 PM, Job Snijders <job () ntt net> wrote:
> > On Tue, Sep 25, 2018 at 03:07:54PM -0400, John Curran wrote:
> > > On Sep 25, 2018, at 1:30 PM, Job Snijders <job () ntt net> wrote:
> > > >   """Using the data, we can also see that the providers that have not
> > > >   downloaded the ARIN TAL. Either because they were not aware that
> > > >   they needed to, or could not agree to the agreement they have with
> > > >   it.
> > >
> > > Is it possible to ascertain how many of those who have not downloaded
> > > the ARIN TAL are also publishing ROA’s via RIPE’s CA?
> >
> > I'm sure we could extend the data set to figure this out. 
>
> It would be informative to know how many organizations potentially
> have concerns about the indemnification clause in the RPA but already
> agree to indemnification via RIPE NCC Certification Service Terms and
> Conditions.

This seems a matter of personal curiosity that perhaps distracts from
the problem at hand: the ARIN TAL is less widely deployed than the other
TALs.

I'm open to solutions or suggestions to get the ARIN TAL more widely
distributed, however I do think that inclusion in the RPKI Cache
Validators is a *key* element, so the ARIN TAL can be used after a
default installation of such software.

We really need to bring it back down to "apt install rpki-cache-validator"
to best serve the interests of the ARIN members. Imagine the Chrome
browser shipping without any of the TLS Root Certificates, or Unbound
without the DNSSEC root key!

Kind regards,

Job