On Sep 7, 2012, at 7:31 AM, Randy Bush <randy@psg.com> wrote:
If a relying party's use of PKI infrastructure legally equated to acceptance of the relying party agreement (RPA), then having an explicit record of acceptance of the RPA would not be necessary.
Alas, it does not appear possible to equate use of PKI certificates with agreement to the associated RPA (and some might argue that this is a feature, as some folks would not want to be legally bound to an agreement which they did not explicitly review and accept.)
do you have a r&d group devoted to how much you can delay, damage, warp, half-assed implement, ... rpki? look around you at the real world, the other rirs (especiall ripe/ncc), etc. the only part of it where arin seems to be doing a serious job is bs generation. thanks.
Good morning Randy - Are you indicating that RPKI services should be offered without any RPA (and/or CPS) at all, or that these agreements should legally adhere without explicit agreement? There is an statement expressing that CPS or RPA might benefit from the latter treatment in section 3.4 of the Internet PKI framework (RFC 3647), but it does not actually hold legally true at the present time. If you have more insight or clarity on this matter, it would be most welcome. Thanks! /John John Curran President and CEO ARIN