[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ARIN RPKI TAL deployment issues

Dear John,

On Tue, Sep 25, 2018 at 08:28:54PM +0000, John Curran wrote:
> On 25 Sep 2018, at 3:34 PM, Job Snijders <job at ntt.net> wrote:
> > 
> > On Tue, Sep 25, 2018 at 03:07:54PM -0400, John Curran wrote:
> >> On Sep 25, 2018, at 1:30 PM, Job Snijders <job at ntt.net> wrote:
> >>> 
> >>>   """Using the data, we can also see that the providers that have not
> >>>   downloaded the ARIN TAL. Either because they were not aware that
> >>>   they needed to, or could not agree to the agreement they have with
> >>>   it.
> >> 
> >> Is it possible to ascertain how many of those who have not downloaded
> >> the ARIN TAL are also publishing ROAâ??s via RIPEâ??s CA?
> > 
> > I'm sure we could extend the data set to figure this out. 
> It would be informative to know how many organizations potentially
> have concerns about the indemnification clause in the RPA but already
> agree to indemnification via RIPE NCC Certification Service Terms and
> Conditions.

This seems a matter of personal curiosity that perhaps distracts from
the problem at hand: the ARIN TAL is less widely deployed than the other

I'm open to solutions or suggestions to get the ARIN TAL more widely
distributed, however I do think that inclusion in the RPKI Cache
Validators is a *key* element, so the ARIN TAL can be used after a
default installation of such software.

We really need to bring it back down to "apt install rpki-cache-validator"
to best serve the interests of the ARIN members. Imagine the Chrome
browser shipping without any of the TLS Root Certificates, or Unbound
without the DNSSEC root key!

Kind regards,