RPKI adoption (was: Re: Corporate Identity Theft: Azuki, LLC -- AS13389,

Valdis Kl=?utf-8?Q?=c4=93?=tnieks valdis.kletnieks at vt.edu
Wed Aug 14 17:35:00 UTC 2019

On Wed, 14 Aug 2019 16:07:49 -0000, John Curran said:

> > But I suspect a lot of companies are reading it as: "If a spammer sues you for using
> > a block list that prevents them from spamming your customers, you can't end up
> > owing money to the block list maintainers.  But if you rely on the ARIN TAL, and get
> > sued by an address hijacker, you could end up owing money to ARIN".

> It's is not "you owe money to ARIN", but it could be "you need to defend both
> yourself and ARIN from your customers litigation should you get it wrong."

Is there any workable way to remove or diminish the perception of liability in
the case of using it *correctly*?   I admit that (a) I'm not a lawyer and (b)
when I actually tried to read it I couldn't actually tell if it was "you
promise to defend us if you screw it up and customer traffic gets accidentally
dropped on the floor" or "you promise to defend us if you use it correctly and
miscreant traffic is intentionally dropped on the floor"...

There's obviously a disconnect where people aren't worried about indemnifying
Spamhaus for using their block list, but are worried about indemnifying ARIN for
using the TAL.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20190814/8042d6f5/attachment.sig>

More information about the NANOG mailing list