[RPKI-Discuss] Cloudflare's new RPKI Invalid Beacons

[Ben Maddison]

On Sat, 2020-04-18 at 16:26 +0300, Frank Habicht wrote:

> On 18/04/2020 16:16, Job Snijders wrote:

> > On Sat, Apr 18, 2020 at 04:00:57PM +0300, Frank Habicht wrote:

> > > On 18/04/2020 15:55, Willy Manga wrote:

> > > > 

> > > > Validators are not up to date ?

> > > 

> > > seems to be because not all like ARIN's legal conditions for

> > > their TAL.

> > 

> > it is an interesting problem

> > 

> > https://www.theregister.co.uk/2019/10/28/arin_rpki_open_source/

> 

> some say the legal conditions of ARIN are unreasonable and ARIN

> should

> just give their resource holders the same security that other RIRs

> give...

> 

Yup. I'm one of these ones.


> some say ARIN have most IPv4 resources and it's not a real legal

> risk,

> so why not give more security to arin-registered resources, and agree

> to

> the legalese.

> 

There are two subcategories here:

1. ARIN members, who have an existing RSA anyway, and which contains an
indemnification similar to the RPA. There is probably no additional
legal risk in agreeing to the RPA in this case.
Those in this category:
- MAY wish to rely on the ARIN TAL to perform validation locally;
- SHOULD NOT go around telling non-ARIN-members that there is no risk
in the RPA and the ARIN TAL should be used blindly.
 
2. People who haven't read/understood the RPA and/or haven't shown it
to their lawyers but use the ARIN TAL anyway.
Those in this category:
- MAY be screwed if/when something bad happens.

m2c,

Ben