nanog mailing list archives
Re: ARIN RPKI TAL deployment issues
From: John Curran <jcurran () arin net>
Date: Wed, 26 Sep 2018 11:16:35 +0000
On 26 Sep 2018, at 3:29 AM, Jared Mauch <jared () puck nether net> wrote:
The process for lets encrypt is fairly straightforward, it collects some minimal information (eg: e-mail address, domain name) and then does all the voodoo necessary. If ARIN were to make this request of the developers of RPKI software, it would seem reasonable to have that passed to ARIN via some API saying “bob () example com” typed “Agree” to the ARIN TAL as part of the initial installation of the software.
Jared - Interesting point – thank you for the very clear elaboration of this particular issue. Would it suffice if ARIN made clear in its RPKI information that software installation tools may download the ARIN TAL on behalf of a party so long as the parry agrees to statement displayed which reads “This software utilizes information from the ARIN Certificate Authority, and such usage is subject to the ARIN Relying Party Agreement. Type ‘Agree’ to proceed” ?
Please work with the developers for a suitable method to include the ARIN TAL by default. Come up with the click-accept legalese necessary. Since you asked, here’s what they did with the CertBot that’s commonly used by Lets Encrypt: (The first time you run the command, it will make an account, and ask for an email and agreement to the Let’s Encrypt Subscriber Agreement; you can automate those with --email and --agree-tos)
Acknowledged; I believe that allowing something similar to enable software installation tools to download the ARIN TAL for a party should be relatively straightforward – I will research that asap. Thanks! /John John Curran President and CEO ARIN
Current thread:
- Re: ARIN RPKI TAL deployment issues, (continued)
- Re: ARIN RPKI TAL deployment issues Mark Milhollan (Sep 26)
- Re: ARIN RPKI TAL deployment issues John Curran (Sep 27)
- Re: ARIN RPKI TAL deployment issues Stuart Henderson (Sep 28)
- Re: ARIN RPKI TAL deployment issues Anderson, Charles R (Sep 28)
- Towards an RPKI-rich Internet (and the appropriate allocation of responsibility in the event an RIR RPKI CA outage) John Curran (Sep 30)
- Re: ARIN RPKI TAL deployment issues Jared Mauch (Sep 25)
- Re: ARIN RPKI TAL deployment issues John Curran (Sep 25)
- Re: ARIN RPKI TAL deployment issues Christopher Morrow (Sep 25)
- Re: ARIN RPKI TAL deployment issues John Curran (Sep 26)
- Re: ARIN RPKI TAL deployment issues Jared Mauch (Sep 26)
- Re: ARIN RPKI TAL deployment issues John Curran (Sep 26)
- Re: ARIN RPKI TAL deployment issues Jared Mauch (Sep 26)
- Re: ARIN RPKI TAL deployment issues John Curran (Sep 26)
- Re: ARIN RPKI TAL deployment issues Claudio Jeker (Sep 26)
- Re: ARIN RPKI TAL deployment issues Tony Finch (Sep 26)
- Re: ARIN RPKI TAL deployment issues John Curran (Sep 26)
- Re: ARIN RPKI TAL deployment issues Job Snijders (Sep 26)
- Re: ARIN RPKI TAL deployment issues John Curran (Sep 26)
- Re: ARIN RPKI TAL deployment issues Tony Finch (Sep 26)
- Re: ARIN RPKI TAL deployment issues John Curran (Sep 26)
- Re: ARIN RPKI TAL deployment issues Baldur Norddahl (Sep 26)