ARIN RPKI TAL deployment issues

John Curran jcurran at
Wed Sep 26 11:07:49 UTC 2018

On 26 Sep 2018, at 6:42 AM, Tony Finch <dot at> wrote:
> John Curran <jcurran at> wrote:
>> On 26 Sep 2018, at 2:09 AM, Christopher Morrow <morrowc.lists at<mailto:morrowc.lists at>> wrote:
>>> how is arin's problem here different from that which 'lets encrypt' is
>>> facing with their Cert things?
>> The “Let’s encrypt” subscriber agreement (current version 1.2, 15 Nov
>> 2018) includes "indemnify and hold harmless” clause, and parties
>> affirmatively agree to those terms by requesting that ISRG issue a
>> "Let’s Encrypt” Certificate to you.
> The difference is that the Let's Encrypt agreement is for people obtaining
> certificates from them. The ARIN equivalent would be the agreement for
> ARIN members.
> Let's Encrypt does not require an agreement from relying parties (i.e.
> browser users), whereas ARIN does.

Tony - 

That is correct; I did not say that they were parallel situations, only pointing out that the Let’s Encrypt folks also go beyond simply providing services “as is”, and require indemnification from those engaging their CA services, just as ARIN, RIPE, APNIC do…  

ARIN and APNIC go further by having indemnification by parties using information in the CA; in ARIN’s case, this requires an explicit act of acceptance to be legally valid.


John Curran
President and CEO


More information about the NANOG mailing list