Change re ARIN RPKI Relying Party TAL access
NANOGers - One of the concerns raised at a previous NANOG was with respect to the need for an RPKI relying parties to explicitly accept ARIN's relying party agreement (RPA) - note that this has now been changed (per the attached announcement) Wile the RPA terms remain the same, it is no longer necessary to click-accept and provide an email in order to access ARIN's trust anchor locator (TAL). FYI, /John Begin forwarded message: From: ARIN <info@arin.net<mailto:info@arin.net>> Date: February 4, 2016 at 2:54:06 PM EST To: <arin-announce@arin.net<mailto:arin-announce@arin.net>> Subject: [arin-announce] RPKI Relying Party Update In response to community feedback, entities wishing to become relying parties and utilize ARIN's Trust Anchor Locator (TAL) and Resource Public Key Infrastructure (RPKI) repository information will no longer be required to "click to accept" ARIN's Relying Party Agreement (RPA) before doing so. Please note that access to and usage of ARIN's TAL and RPKI repository data remains equally subject to the terms of the RPA. To access the TAL, visit: www.arin.net/resources/rpki/tal.html<http://www.arin.net/resources/rpki/tal.html> Regards, John Curran President & CEO American Registry for Internet Numbers
Dear John, On Thu, Feb 04, 2016 at 08:15:29PM +0000, John Curran wrote:
One of the concerns raised at a previous NANOG was with respect to the need for an RPKI relying parties to explicitly accept ARIN's relying party agreement (RPA) - note that this has now been changed (per the attached announcement)
Wile the RPA terms remain the same, it is no longer necessary to click-accept and provide an email in order to access ARIN's trust anchor locator (TAL).
Can you explain in layman terms what the legal consequences of this change are? Kind regards, Job
On Feb 5, 2016, at 8:44 AM, Job Snijders <job@instituut.net> wrote:
Dear John,
On Thu, Feb 04, 2016 at 08:15:29PM +0000, John Curran wrote:
One of the concerns raised at a previous NANOG was with respect to the need for an RPKI relying parties to explicitly accept ARIN's relying party agreement (RPA) - note that this has now been changed (per the attached announcement)
Wile the RPA terms remain the same, it is no longer necessary to click-accept and provide an email in order to access ARIN's trust anchor locator (TAL).
Can you explain in layman terms what the legal consequences of this change are?
Job - As I noted, the Relying Party Agreement terms and conditions remain the same - we have simply eliminated the requirement for explicit agreement to it thru entry of your email and click-to-accept. We do not expect there is any legal consequences for relying parties as result of this change [1], only a question of convenience of access to the TAL as sought by the community. Thanks! /John John Curran President and CEO ARIN [1] The world of assenting to agreement terms is an interesting legal topic, and others may argue that changing from click-to-accept to binding by usage is material; such is the nature of legal matters.
On Fri, Feb 5, 2016 at 11:44 AM, Job Snijders <job@instituut.net> wrote:
Can you explain in layman terms what the legal consequences of this change are?
Hi Job, In layman's terms, the difference is that you're now free to deal with the RPKI TAL the same way you deal with the legal issues surrounding access to ARIN's public whois data -- by ignoring them but not being so dumb as to sue ARIN if something goes wrong. Note that I am not a lawyer, this is not legal advice and no lawyer will ever tell you to ignore legal ramifications even when practically speaking that's the correct thing to do. Regards, Bill Herrin -- William Herrin ................ herrin@dirtside.com bill@herrin.us Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>
On Feb 5, 2016, at 10:52 AM, William Herrin <bill@herrin.us> wrote:
On Fri, Feb 5, 2016 at 11:44 AM, Job Snijders <job@instituut.net> wrote:
Can you explain in layman terms what the legal consequences of this change are?
Hi Job,
In layman's terms, the difference is that you're now free to deal with the RPKI TAL the same way you deal with the legal issues surrounding access to ARIN's public whois data -- by ignoring them but not being so dumb as to sue ARIN if something goes wrong.
Note that I am not a lawyer, this is not legal advice and no lawyer will ever tell you to ignore legal ramifications even when practically speaking that's the correct thing to do.
Bill - Note that we do send notices and follow up when we receive reports of egregious violations of the Whois terms of use, and will do similar for violation of the RPA terms of use. The terms don’t generally get in the way of what operators want to do, but I’d like to think that’s more of alignment of expectations rather than folks completely “ignoring them”. Thanks, /John John Curran President and CEO ARIN
participants (3)
-
Job Snijders -
John Curran -
William Herrin