ARIN RPKI TAL deployment issues

Tue Sep 25 22:18:00 UTC 2018

On 25 Sep 2018, at 5:51 PM, Job Snijders <job at ntt.net<mailto:job at ntt.net>> wrote:
...
It may make sense to associate an implicit agreement (or perhaps a
license?) with the ARIN TAL to limit risks to the ARIN organisation.
"Use at your own risk"-style clauses are common and acceptable.

Job -

We did look at using a specific set of terms (rather similar to the indeminifcation used by the RIPE in their RPKI Certification Services terms) via a referenced agreement for this purpose, but making that actually legally binding in the US legal environment is a bit challenging.

Absent a specific action (such as our present “browserwrap” approach of specifically downloading the TAL), US courts have not generally recognized mere usage of software as an indication of informed consent to enter into an agreement – hence the RPA download, and why so many things in the US require some form of explicit acknowledgement in order to proceed.

I'd like to frame the discussion in context of what software developers
and distributors can do to be able to include the ARIN TAL (by default)
rather than focus on getting thousands of organisations to separately
download & install a TAL file. The latter approach doesn't scale.  We're
both at NANOG next week, I'd love to sit down and have a cup of coffee.

Quite understandable - I suspend we’ll hear some more about these issues during David Wishnick’s session, and coffee-fueled discussion afterwards is encouraged.

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20180925/726e24dd/attachment.html>