Re: ARIN RPKI TAL deployment issues

[John Curran <jcurran () arin net>]

On 26 Sep 2018, at 6:42 AM, Tony Finch <dot () dotat at> wrote:
> John Curran <jcurran () arin net> wrote:
> > On 26 Sep 2018, at 2:09 AM, Christopher Morrow <morrowc.lists () gmail com<mailto:morrowc.lists () gmail com>> wrote:
> > > how is arin's problem here different from that which 'lets encrypt' is
> > > facing with their Cert things?
> >
> > The “Let’s encrypt” subscriber agreement (current version 1.2, 15 Nov
> > 2018) includes "indemnify and hold harmless” clause, and parties
> > affirmatively agree to those terms by requesting that ISRG issue a
> > "Let’s Encrypt” Certificate to you.
>
> The difference is that the Let's Encrypt agreement is for people obtaining
> certificates from them. The ARIN equivalent would be the agreement for
> ARIN members.
>
> Let's Encrypt does not require an agreement from relying parties (i.e.
> browser users), whereas ARIN does.


Tony - 

That is correct; I did not say that they were parallel situations, only pointing out that the Let’s Encrypt folks also 
go beyond simply providing services “as is”, and require indemnification from those engaging their CA services, just as 
ARIN, RIPE, APNIC do…  

ARIN and APNIC go further by having indemnification by parties using information in the CA; in ARIN’s case, this 
requires an explicit act of acceptance to be legally valid.

Thanks!
/John

John Curran
President and CEO
ARIN