On 12/04/2014 09:33, John Curran wrote: >> Review >> <http://www.apnic.net/services/manage-resources/digital-certificates/terms-and-conditions> >> >> wherein there is a limitation of liability and requirement that a >> recipient of any digital certificate >> will indemnify APNIC against any and all claims by third parties for >> damages of any kind arising >> from the use of that certificate. (last two bullets)
And as I mentioned to you in response, that final bullet applies to "recipients of certificates issued by APNIC," so I would expect it to apply to someone who has an EE cert for a set of resources, NOT to someone who is using a trust anchor locator to validate the EE cert and the ROAs derived from it. If you take the interpretation that anyone who validates an APNIC cert is indemnifying APNIC, then anyone who visits a website using TLS, where the website has an APNIC cert as its TLS cert, is also indemnifying APNIC. IANAL, but I don't think anyone would see such an interpretation as reasonable. At any rate, I discussed this at an RPKI workshop at the Internet2 Tech Exchange, and many of the EDU-types that I talked to there are in a similar boat as I am--their organizations flat-out won't let them sign such an agreement. We're not going to have any reasonable uptake of RPKI deployment with a TAL agreement like this one--it's a show stopper for many organizations. As always, I reserve the right to be wrong, and I look forward to seeing the results of the survey, which I have completed on behalf of my organization (ESnet, operated by the Lawrence Berkeley National Lab, which is in turn operated by the University of California). michael _______________________________________________ PPML You are receiving this message because you are subscribed to the ARIN Public Policy Mailing List (ARIN-PPML@arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/arin-ppml Please contact i...@arin.net if you experience any issues.