ARIN's RPKI Relying agreement

John Curran jcurran at
Fri Dec 5 07:34:12 UTC 2014

On Dec 4, 2014, at 2:19 PM, Sandra Murphy <sandy at> wrote:
> ...
> Which begs the question for me -- ARIN already operates services that operators rely upon.  Why are they different?  Does ARIN run no risk of litigation due to some perceived involvement of those services in someone's operational outage?

Sandra - 

From the discussion over on PPML...

  Parties are likely to use RPKI services such that (as someone put
  it recently) - "routing decisions are affected and breakage happens” 

  While such impacts could happen with whois, parties would have to 
  create the linkages themselves, whereas with RPKI it is recognized
  that the system is designed to provide information for influencing of
  routing decisions (a major difference, and one that a judge could be
  made to recognize if some service provider has a prolonged outage
  due to their own self-inflicted Whois data wrangling into routing filters.)

  Given the nature of RPKI, it is clear that ARIN needs to engineer the 
  service with full awareness of the potential risks (even though such 
  risks are predominantly the result of parties using RPKI data without 
  appropriate best practices.)   We have no problem offering a highly-
  reliable service; the risk of concern stems from third-parties who suffer
  major damages and want to assert that it was the result of an ISP’s 
  misusage of ARIN’s RPKI service or ARIN’s RPKI service itself, even 
  if the underlying cause in truth was completely unrelated to ARIN’s 
  RPKI services.  Recognize that large harmed parties tend to litigate 
  everyone, with the innocent parties extracting themselves only after 
  lengthy battles, and such battles are very difficult when it comes to 
  proving the proper state of technical service at a given point in time.

  I hope this helps in outlining some of the significant differences.


John Curran
President and CEO

More information about the NANOG mailing list