> On Sep 26, 2018, at 7:16 AM, John Curran <jcur...@arin.net> wrote:
>
> On 26 Sep 2018, at 3:29 AM, Jared Mauch <ja...@puck.nether.net> wrote:
>>
>> The process for lets encrypt is fairly straightforward, it collects some
>> minimal information (eg: e-mail address, domain name) and then does all the
>> voodoo necessary. If ARIN were to make this request of the developers of
>> RPKI software, it would seem reasonable to have that passed to ARIN via some
>> API saying “b...@example.com” typed “Agree” to the ARIN TAL as part of the
>> initial installation of the software.
>
> Jared -
>
> Interesting point – thank you for the very clear elaboration of this
> particular issue.
John,
Thank you for listening :-)
> Would it suffice if ARIN made clear in its RPKI information that software
> installation tools may download the ARIN TAL on behalf of a party so long as
> the parry agrees to statement displayed which reads “This software utilizes
> information from the ARIN Certificate Authority, and such usage is subject to
> the ARIN Relying Party Agreement. Type ‘Agree’ to proceed” ?
I think this would help, but ideally you would allow people (software vendors)
to package the TAL and if they type ‘Agree’ it would allow use of it.
>> Please work with the developers for a suitable method to include the ARIN
>> TAL by default. Come up with the click-accept legalese necessary.
>>
>> Since you asked, here’s what they did with the CertBot that’s commonly used
>> by Lets Encrypt:
>>
>> (The first time you run the command, it will make an account, and ask for
>> an email and agreement to the Let’s Encrypt Subscriber Agreement; you can
>> automate those with --email and --agree-tos)
>
> Acknowledged; I believe that allowing something similar to enable software
> installation tools to download the ARIN TAL for a party should be relatively
> straightforward – I will research that asap.
Thank you! This and/or guidance to software developers about this being a
permissible action on their part. This should help improve things.
- Jared
