ARIN's RPKI Relying agreement

John Curran jcurran at
Thu Dec 4 22:43:21 UTC 2014

On Dec 4, 2014, at 2:33 PM, Jared Mauch <jared at> wrote:
> the fact it’s taken 3 months to reach the board is of concern to me for an issue
> that was raised (prior to the October meeting) by operators, andwhere you
> were an active part of the discussion afterwards in the back of the plenary
> room.

Jared - We kicked off a project to address the concerns within two weeks 
of ARIN/NANOG, doing so despite not have any clear consensus that providing 
ready access to the TAL without a click-accept RPA and switching to an 
implicit service agreement would materially improve things.  I guess we 
could have waited for consensus on indemnification (or no indemnification),
but it's not clear whether any consensus will ever emerge on that issue.

> While you asked Wes, I certainly felt I was clear in telling you
> Yes that letting the existing RSA where you claimed also covered this would
> protect ARIN.  If you have not discussed this with counsel since then, that
> feels to me like something that should have already occurred.  Perhaps you
> are waiting until January though, I don’t know your thought process but
> it seems that a few months is enough time for it to occur (IMHO).

Addressing these RPKI issues is important, but there is quite a bit of 
other activities going on at the same time.  Furthermore, revisiting 
RPKI terms and conditions and the imputed risk definitely requires a 
face-to-face Board discussion, and January is the first one scheduled 
after the ARIM Baltimore meeting in October.

> The actions of ARIN here speak volumes to the contempt that we observe
> towards those desiring to do standards body work on RPKI.  This concerns
> me in my role of obtaining ARIN resources.  I also wonder what other ways
> that ARIN has displeasure in the members that it’s not publicly voicing
> or making apparent.

Jared - Feel free to raise any concerns with the Board if you wish; many 
(like Bill Woodcock) are on the nanog list, but in any case they all have 
emails listed here - <>

> I’m also willing to accept that I may be sleep deprived, grumpy and that
> everyone here has hit upon a nerve about the RPA which I see as unresolved.

Agreed, and work is underway to address.

> At the last IETF meeting I raised the issue that if this (RPKI) goes poorly
> in its deployment, here we would just be turning it off if there was some
> catastrophic protocol or operational issue.  People depend upon the internet
> to work and anything to reduce the reliability of it won’t be widely used.

That's very true, but getting folks to invest time & effort in internal,
non-customer facing capabilities is very hard (and doubly so for things 
still in flux like RPKI.)  

If it were easy, we'll already have a community all of whom used some form 
of route filtering, either registry or IRR derived, and payoff from adding
RPKI would be nominal...

> I am hoping that ARIN will be a partner in these activities vs what feels like
> feet dragging along the way.  RPKI/SIDR may not be successful in the long
> term, but until that outcome is reached, we need ARIN to be part of
> the community and your leadership here is welcome and necessary.

ARIN is very much part of the RPKI community, including participating in 
the IETF sidr activities, deploying both hosted and delegated RPKI support, 
etc.  We're actively involved, but also attentive to details, particular
when it comes to risk analysis.


John Curran
President and CEO

More information about the NANOG mailing list