ARIN RPKI TAL deployment issues
jcurran at arin.net
Wed Sep 26 11:07:49 UTC 2018
On 26 Sep 2018, at 6:42 AM, Tony Finch <dot at dotat.at> wrote:
> John Curran <jcurran at arin.net> wrote:
>> On 26 Sep 2018, at 2:09 AM, Christopher Morrow <morrowc.lists at gmail.com<mailto:morrowc.lists at gmail.com>> wrote:
>>> how is arin's problem here different from that which 'lets encrypt' is
>>> facing with their Cert things?
>> The “Let’s encrypt” subscriber agreement (current version 1.2, 15 Nov
>> 2018) includes "indemnify and hold harmless” clause, and parties
>> affirmatively agree to those terms by requesting that ISRG issue a
>> "Let’s Encrypt” Certificate to you.
> The difference is that the Let's Encrypt agreement is for people obtaining
> certificates from them. The ARIN equivalent would be the agreement for
> ARIN members.
> Let's Encrypt does not require an agreement from relying parties (i.e.
> browser users), whereas ARIN does.
That is correct; I did not say that they were parallel situations, only pointing out that the Let’s Encrypt folks also go beyond simply providing services “as is”, and require indemnification from those engaging their CA services, just as ARIN, RIPE, APNIC do…
ARIN and APNIC go further by having indemnification by parties using information in the CA; in ARIN’s case, this requires an explicit act of acceptance to be legally valid.
President and CEO
More information about the NANOG