nanog mailing list archives

Re: ARIN RPKI TAL deployment issues

From: Jared Mauch <jared () puck nether net>
Date: Wed, 26 Sep 2018 09:26:51 -0400

On Sep 26, 2018, at 7:16 AM, John Curran <jcurran () arin net> wrote:

On 26 Sep 2018, at 3:29 AM, Jared Mauch <jared () puck nether net> wrote:


The process for lets encrypt is fairly straightforward, it collects some minimal information (eg: e-mail address, 
domain name) and then does all the voodoo necessary.  If ARIN were to make this request of the developers of RPKI 
software, it would seem reasonable to have that passed to ARIN via some API saying “bob () example com” typed 
“Agree” to the ARIN TAL as part of the initial installation of the software.


Jared - 

Interesting point – thank you for the very clear elaboration of this particular issue.


John,

Thank you for listening :-)

Would it suffice if ARIN made clear in its RPKI information that software installation tools may download the ARIN 
TAL on behalf of a party so long as the parry agrees to statement displayed which reads “This software utilizes 
information from the ARIN Certificate Authority, and such usage is subject to the ARIN Relying Party Agreement.  Type 
‘Agree’ to proceed” ?


I think this would help, but ideally you would allow people (software vendors) to package the TAL and if they type 
‘Agree’ it would allow use of it.

Please work with the developers for a suitable method to include the ARIN TAL by default.  Come up with the 
click-accept legalese necessary.

Since you asked, here’s what they did with the CertBot that’s commonly used by Lets Encrypt:

  (The first time you run the command, it will make an account, and ask for an email and agreement to the Let’s 
Encrypt Subscriber Agreement; you can automate those with --email and --agree-tos)


Acknowledged; I believe that allowing something similar to enable software installation tools to download the ARIN 
TAL for a party should be relatively straightforward – I will research that asap.


Thank you!  This and/or guidance to software developers about this being a permissible action on their part.  This 
should help improve things.

- Jared

Current thread:

Re: ARIN RPKI TAL deployment issues, (continued)
- - - Re: ARIN RPKI TAL deployment issues John Curran (Sep 27)
    - Re: ARIN RPKI TAL deployment issues Stuart Henderson (Sep 28)
    - Re: ARIN RPKI TAL deployment issues Anderson, Charles R (Sep 28)
    - Towards an RPKI-rich Internet (and the appropriate allocation of responsibility in the event an RIR RPKI CA outage) John Curran (Sep 30)
    - Re: ARIN RPKI TAL deployment issues Jared Mauch (Sep 25)
    - Re: ARIN RPKI TAL deployment issues John Curran (Sep 25)
    - Re: ARIN RPKI TAL deployment issues Christopher Morrow (Sep 25)
    - Re: ARIN RPKI TAL deployment issues John Curran (Sep 26)
    - Re: ARIN RPKI TAL deployment issues Jared Mauch (Sep 26)
    - Re: ARIN RPKI TAL deployment issues John Curran (Sep 26)
    - Re: ARIN RPKI TAL deployment issues Jared Mauch (Sep 26)
    - Re: ARIN RPKI TAL deployment issues John Curran (Sep 26)
    - Re: ARIN RPKI TAL deployment issues Claudio Jeker (Sep 26)
    - Re: ARIN RPKI TAL deployment issues Tony Finch (Sep 26)
    - Re: ARIN RPKI TAL deployment issues John Curran (Sep 26)
    - Re: ARIN RPKI TAL deployment issues Job Snijders (Sep 26)
    - Re: ARIN RPKI TAL deployment issues John Curran (Sep 26)
    - Re: ARIN RPKI TAL deployment issues Tony Finch (Sep 26)
    - Re: ARIN RPKI TAL deployment issues John Curran (Sep 26)
    - Re: ARIN RPKI TAL deployment issues Baldur Norddahl (Sep 26)
    - Re: ARIN RPKI TAL deployment issues John Curran (Sep 26)

(Thread continues...)