nanog mailing list archives
Re: RPKI adoption (was: Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17)
From: John Curran <jcurran () arin net>
Date: Wed, 14 Aug 2019 11:01:11 +0000
On 14 Aug 2019, at 1:21 AM, Ronald F. Guilmette <rfg () tristatelogic com<mailto:rfg () tristatelogic com>> wrote: In message <06570278-E1AD-4BB0-A9FC-11A77BED76E1 () arin net<mailto:06570278-E1AD-4BB0-A9FC-11A77BED76E1 () arin net>>, John Curran <jcurran () arin net<mailto:jcurran () arin net>> wrote: Even so, we at ARIN are in the midst of a Board-directed review of the RPKI legal framework to see if any improvements can be made <https://www.arin.net/ vault/participate/meetings/reports/ARIN_43/PDF/PPM/curran_rpki.pdf> – I will provide further updates once it is completed. This is an excellent presentation John, and I'm real glad to see that you have done such a nice job on it and touched on all of the important points. In particular, I'm glad that you clarified that if everyone is just doing what they ought to be doing, i.e. following best practices, then even if RPKI central and all of its sister satellites should all be simultaneously hit by metorites, then in theory at least, nobody should be any worse off than they already are today. And yes, I can't argue and won't argue that some folks aren't going to be bozos and screw up their RPKI deployment, and then some of them -may- possibly want to blame ARIN for -their- screw ups, but I continue to have trouble envisioning how this would ever traslate into a lawsuit that wouldn't simply be laughed out of court in about five seconds if handled properly. Alas, it’s not those who fail to properly configure RPKI that are likely to be litigating, but rather their impacted customers and those customers' business partners who all were unable to communicate due to no fault of their own. Such a matter will not be thrown out of court, but will be the start of a long and very expensive process involving claims, discovery, experts, etc. (a recent legal matter that was promptly resolved in ARIN’s favor pre-litigation still resulted in more than 1/3 million USD in costs...) Absent a specific reason for dismissal, it is only in actual trial that the preponderance of evidence gets considered – and note that in such a dispute, we’d end up with a jury of regular folks hearing fairly technical arguments about certificate validation, covering ROA’s, caching, etc. In other words, even if handled perfectly, your five second estimate is likely off by a year or more (and hence the reason for indemnification - it provides a clear basis for ARIN’s exit from the matter, as it makes plain that the liability resulting from use of the RPKI repository lies with the ISP.) Thanks, /John John Curran President and CEO American Registry for Internet Numbers
Current thread:
- Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17, (continued)
- Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17 Ronald F. Guilmette (Aug 13)
- RPKI adoption (was: Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17) John Curran (Aug 13)
- Re: RPKI adoption (was: Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17) William Herrin (Aug 13)
- Re: RPKI adoption (was: Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17) John Curran (Aug 13)
- Re: RPKI adoption Hank Nussbacher (Aug 13)
- Re: RPKI adoption William Herrin (Aug 13)
- Re: RPKI adoption John Curran (Aug 14)
- Re: RPKI adoption (was: Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17) William Herrin (Aug 13)
- Re: RPKI adoption (was: Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17) John Curran (Aug 14)
- Re: RPKI adoption (was: Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17) Ronald F. Guilmette (Aug 13)
- Re: RPKI adoption (was: Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17) John Curran (Aug 14)
- Re: RPKI adoption (was: Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17) Ronald F. Guilmette (Aug 14)
- Re: RPKI adoption (was: Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17) Matthew Petach (Aug 13)
- Re: RPKI adoption (was: Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17) John Curran (Aug 14)
- Re: RPKI adoption Job Snijders (Aug 14)
- Re: RPKI adoption (was: Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17) Valdis Klētnieks (Aug 14)
- Re: RPKI adoption (was: Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17) John Curran (Aug 14)
- Re: RPKI adoption (was: Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17) Rubens Kuhl (Aug 14)
- Re: RPKI adoption (was: Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17) Valdis Klētnieks (Aug 14)
- Re: RPKI adoption (was: Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17) Anne P. Mitchell, Esq. (Aug 14)
- RE: RPKI adoption (was: Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17) Michel Py (Aug 15)