Re: ARIN RPKI TAL deployment issues

[John Curran <jcurran () arin net>]

On 25 Sep 2018, at 5:51 PM, Job Snijders <job () ntt net<mailto:job () ntt net>> wrote:
...
It may make sense to associate an implicit agreement (or perhaps a
license?) with the ARIN TAL to limit risks to the ARIN organisation.
"Use at your own risk"-style clauses are common and acceptable.

Job -

We did look at using a specific set of terms (rather similar to the indeminifcation used by the RIPE in their RPKI 
Certification Services terms) via a referenced agreement for this purpose, but making that actually legally binding in 
the US legal environment is a bit challenging.

Absent a specific action (such as our present “browserwrap” approach of specifically downloading the TAL), US courts 
have not generally recognized mere usage of software as an indication of informed consent to enter into an agreement – 
hence the RPA download, and why so many things in the US require some form of explicit acknowledgement in order to 
proceed.

I'd like to frame the discussion in context of what software developers
and distributors can do to be able to include the ARIN TAL (by default)
rather than focus on getting thousands of organisations to separately
download & install a TAL file. The latter approach doesn't scale.  We're
both at NANOG next week, I'd love to sit down and have a cup of coffee.

Quite understandable - I suspend we’ll hear some more about these issues during David Wishnick’s session, and 
coffee-fueled discussion afterwards is encouraged.

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers