Re: ARIN RPKI services terms/conditions - Change to Management of the Trust Anchor Locator for ARIN’s RPKI Service

Lukas Tribus lukas at
Tue Sep 27 11:21:09 UTC 2022

Hello John,

On Mon, 26 Sept 2022 at 23:48, John Curran <jcurran at> wrote:
> NANOGers -
> Changes in terms and conditions for ARIN's RPKI service – more specifically being
> changes in ARIN’s Relaying Party Agreement terms and related Trust Anchor Locator
> management approach – see the attached announcement for details.

Considering that RP vendors and operators globally are hopefully using
the ARIN TAL and not everybody is a native english speaking lawyer,
can we simplify this a little further?

There appears to already be a disparity between different
interpretations regarding this change.

Here [1] an RP vendor claims "no additional steps are needed to use
the @TeamARIN TAL" (just like every other TALs).
Somebody else [2] appears to disagree.

The new section 9 appears to mandate that RP software checks to
confirm that the user has accepted the RPA (or another agreements with
those terms passed through "at least as protective of ARIN").

So lets put this in pseudocode for RP developers:

Previously, a setup/install helper could ask the user if ARIN RPA has
been agreed to, and in that case, download the ARIN TAL (487 byte
sized as of today).

Now a setup/install helper could ask the user if ARIN RPA has been
agreed to, and in that case, enable the use of the ARIN TAL which can
now be shipped with the product.

Can a RP validator ship and use the ARIN TAL by default, without
additional steps and confirmations by the user?

If not, what is the actual benefit of this change, other than the 487
byte download of the TAL file not being necessary any more?

Which issues of the 2019 paper "Lowering Legal Barriers to RPKI
Adoption" [3] in your opinion does this change address?

Thank you,

Lukas Tribus


More information about the NANOG mailing list