>>On Thu, Dec 4, 2014 at 7:51 AM, Bill Woodcock <wo...@pch.net> wrote: > >> > All the specific legal feedback I’ve heard is that this is a >> > liability >> > nightmare, and that everyone wants ARIN to take on all the >> > liability, but >> > nobody wants to pay for it.
WG] Has there been any actual discussion about how much "nobody" would have to pay for ARIN (or another party) to fix the balance of liability and provide a proper SLA that led to "no, I don't want to pay for that" responses from those who are expressing the concern, or is this just conjecture on your part? I know that despite being fairly vocal on the matter, I've not been party to any such discussion, though I know that ARIN fees and what services they provide for those fees is an ongoing discussion in other forums. The problem with free services is that often you get what you pay for when it comes to support, warranty, etc. There are plenty of models where you take something free, say FOSS, and then pay someone (Red Hat, ISC) to support it in order to manage the risk associated with putting it in the middle of your business-critical system. It gives you some determinism about what happens when it breaks or you need a feature, and recourse when it goes pear-shaped. I think there's room for discussion around how much an SLA-backed RPKI service might be worth to its potential customers, given its ability to either protect or badly break global routing. On 12/4/14, 11:33 AM, "Jay Ashworth" <j...@baylink.com> wrote: >Lawyers believe that their job is to tell you what not to do. > >Their *actual job* is to tell where risks lie, so that you can make >informed business decisions about which risks to take, and how to >allow for them WG] FWIW, I believe that my lawyers did their "actual" job. But as I said in my presentation, the combination of technical fragility and liability risk I incur if it breaks in a way that impacts my customers led me to decide that I'm not yet willing to bet my continued gainful employment on Route Origin Validation working well enough that the benefit of having it outweighs the risks. INAL, YMMV, void where prohibited, caveat lector, of course. Fixing the liability issues certainly removes one barrier to entry, but it's not the only one, and the technical issues are being worked in parallel. Wes George Anything below this line has been added by my company’s mail server, I have no control over it. ----------- This E-mail and any of its attachments may contain Time Warner Cable proprietary information, which is privileged, confidential, or subject to copyright belonging to Time Warner Cable. This E-mail is intended solely for the use of the individual or entity to which it is addressed. If you are not the intended recipient of this E-mail, you are hereby notified that any dissemination, distribution, copying, or action taken in relation to the contents of and attachments to this E-mail is strictly prohibited and may be unlawful. If you have received this E-mail in error, please notify the sender immediately and permanently delete the original and any copy of this E-mail and any printout.
