On Dec 4, 2014, at 2:19 PM, John Curran <jcurran@arin.net> wrote:
On Dec 4, 2014, at 1:19 PM, Jared Mauch <jared@puck.nether.net> wrote:
I (similar to Rob) have my own concerns about RPKI but do feel that this is an ARIN specific construct/wall that has been raised without action yet from ARIN.
Jared -
Please be specific - are you referring to the indemnification clauses (which are existing in other RIRs as well), the method of agreement, or not having ready access to the TAL, i.e. the click-accept access?
I have other technical and administrative concerns which I won’t go into great detail here about.
The fact that the meeting was 2 months ago and you have not acted/discussed with your counsel says everything I need to know about the situation, your personal motives and your personal desires for the outcomes. I hope it doesn’t represent your employer and that the ARIN Board brings it up with you.
Incorrect. Despite the lack of clarity, we started work on 27 October with both inside and external counsel regarding drafting some updates to the RPKI legal framework. This effort should be ready to be brought to the ARIN Board in January for their consideration, but it would be helpful to have more clarity on the concerns (i.e. is it access to the TAL, or the requirement for explicit agreement to terms and conditions, or the presence of indemnification/warrant-disclaimer language regardless of method of binding)
the fact it’s taken 3 months to reach the board is of concern to me for an issue that was raised (prior to the October meeting) by operators, and where you were an active part of the discussion afterwards in the back of the plenary room. While you asked Wes, I certainly felt I was clear in telling you Yes that letting the existing RSA where you claimed also covered this would protect ARIN. If you have not discussed this with counsel since then, that feels to me like something that should have already occurred. Perhaps you are waiting until January though, I don’t know your thought process but it seems that a few months is enough time for it to occur (IMHO).
At present, I am working on addressing the TAL access and the explicit agreement concerns that were raised during Wes's NANOG session. These are relatively straightforward to work with counsel and propose to the ARIN Board for their consideration. The issue of indemnification is far more challenging, and hence my reason for asking about the underlying need for such and how folks are handling its presence in other RIR RPKI terms and conditions.
The actions of ARIN here speak volumes to the contempt that we observe towards those desiring to do standards body work on RPKI. This concerns me in my role of obtaining ARIN resources. I also wonder what other ways that ARIN has displeasure in the members that it’s not publicly voicing or making apparent. I’m also willing to accept that I may be sleep deprived, grumpy and that everyone here has hit upon a nerve about the RPA which I see as unresolved. At the last IETF meeting I raised the issue that if this (RPKI) goes poorly in its deployment, here we would just be turning it off if there was some catastrophic protocol or operational issue. People depend upon the internet to work and anything to reduce the reliability of it won’t be widely used. I am hoping that ARIN will be a partner in these activities vs what feels like feet dragging along the way. RPKI/SIDR may not be successful in the long term, but until that outcome is reached, we need ARIN to be part of the community and your leadership here is welcome and necessary. - Jared