In message <F5375602-22D5-4983-8D8D-27252732E874@arin.net>, John Curran <jcurran@arin.net> wrote:
Alas, it’s not those who fail to properly configure RPKI that are likely to be litigating, but rather their impacted customers and those customers' business partners who all were unable to communicate due to no fault of their own.
Such a matter will not be thrown out of court, but will be the start of a long and very expensive process involving claims, discovery, experts, etc...
Perhaps. There are certainly some big players (AWS) that if routing were interrupted for even, say, 12 hours, a lot of folks would get really mad about. Correct me if I'm wrong, but one of your presentation slides seemed to suggest that a separate arms-length legal entity could be established to do the RPKI stuff, thus offloading most or all of the potential liability onto and into this separate entity, which could conveniently have minimal assets of the kind that might inspire members of the plaintiff's bar who are looking for deep pockets. Is that an actual possibility, or did you just throw that in there for the sake of completness? Personally, I don't much care how the problem gets solved, as long as it gets solved. The fundamental BGP problem has been known and discussed now for 20+ years and it is only getting more dire and ominous, day by day. Regards, rfg