[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
ARIN RPKI TAL deployment issues
Dear John,
On Tue, Sep 25, 2018 at 08:28:54PM +0000, John Curran wrote:
> On 25 Sep 2018, at 3:34 PM, Job Snijders <job at ntt.net> wrote:
> >
> > On Tue, Sep 25, 2018 at 03:07:54PM -0400, John Curran wrote:
> >> On Sep 25, 2018, at 1:30 PM, Job Snijders <job at ntt.net> wrote:
> >>>
> >>> """Using the data, we can also see that the providers that have not
> >>> downloaded the ARIN TAL. Either because they were not aware that
> >>> they needed to, or could not agree to the agreement they have with
> >>> it.
> >>
> >> Is it possible to ascertain how many of those who have not downloaded
> >> the ARIN TAL are also publishing ROAâ??s via RIPEâ??s CA?
> >
> > I'm sure we could extend the data set to figure this out.
>
> It would be informative to know how many organizations potentially
> have concerns about the indemnification clause in the RPA but already
> agree to indemnification via RIPE NCC Certification Service Terms and
> Conditions.
This seems a matter of personal curiosity that perhaps distracts from
the problem at hand: the ARIN TAL is less widely deployed than the other
TALs.
I'm open to solutions or suggestions to get the ARIN TAL more widely
distributed, however I do think that inclusion in the RPKI Cache
Validators is a *key* element, so the ARIN TAL can be used after a
default installation of such software.
We really need to bring it back down to "apt install rpki-cache-validator"
to best serve the interests of the ARIN members. Imagine the Chrome
browser shipping without any of the TLS Root Certificates, or Unbound
without the DNSSEC root key!
Kind regards,
Job