[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ARIN RPKI TAL deployment issues



On 26 Sep 2018, at 6:42 AM, Tony Finch <dot at dotat.at> wrote:
> 
> John Curran <jcurran at arin.net> wrote:
>> On 26 Sep 2018, at 2:09 AM, Christopher Morrow <morrowc.lists at gmail.com<mailto:morrowc.lists at gmail.com>> wrote:
>>> 
>>> how is arin's problem here different from that which 'lets encrypt' is
>>> facing with their Cert things?
>> 
>> The â??Letâ??s encryptâ?? subscriber agreement (current version 1.2, 15 Nov
>> 2018) includes "indemnify and hold harmlessâ?? clause, and parties
>> affirmatively agree to those terms by requesting that ISRG issue a
>> "Letâ??s Encryptâ?? Certificate to you.
> 
> The difference is that the Let's Encrypt agreement is for people obtaining
> certificates from them. The ARIN equivalent would be the agreement for
> ARIN members.
> 
> Let's Encrypt does not require an agreement from relying parties (i.e.
> browser users), whereas ARIN does.


Tony - 

That is correct; I did not say that they were parallel situations, only pointing out that the Letâ??s Encrypt folks also go beyond simply providing services â??as isâ??, and require indemnification from those engaging their CA services, just as ARIN, RIPE, APNIC doâ?¦  

ARIN and APNIC go further by having indemnification by parties using information in the CA; in ARINâ??s case, this requires an explicit act of acceptance to be legally valid.

Thanks!
/John

John Curran
President and CEO
ARIN