ARIN RPKI TAL deployment issues
jcurran at arin.net
Wed Sep 26 11:16:35 UTC 2018
On 26 Sep 2018, at 3:29 AM, Jared Mauch <jared at puck.nether.net> wrote:
> The process for lets encrypt is fairly straightforward, it collects some minimal information (eg: e-mail address, domain name) and then does all the voodoo necessary. If ARIN were to make this request of the developers of RPKI software, it would seem reasonable to have that passed to ARIN via some API saying “bob at example.com” typed “Agree” to the ARIN TAL as part of the initial installation of the software.
Interesting point – thank you for the very clear elaboration of this particular issue.
Would it suffice if ARIN made clear in its RPKI information that software installation tools may download the ARIN TAL on behalf of a party so long as the parry agrees to statement displayed which reads “This software utilizes information from the ARIN Certificate Authority, and such usage is subject to the ARIN Relying Party Agreement. Type ‘Agree’ to proceed” ?
> Please work with the developers for a suitable method to include the ARIN TAL by default. Come up with the click-accept legalese necessary.
> Since you asked, here’s what they did with the CertBot that’s commonly used by Lets Encrypt:
> (The first time you run the command, it will make an account, and ask for an email and agreement to the Let’s Encrypt Subscriber Agreement; you can automate those with --email and --agree-tos)
Acknowledged; I believe that allowing something similar to enable software installation tools to download the ARIN TAL for a party should be relatively straightforward – I will research that asap.
President and CEO
More information about the NANOG