On 26 Sep 2018, at 9:26 AM, Jared Mauch <ja...@puck.nether.net> wrote: >> On Sep 26, 2018, at 7:16 AM, John Curran <jcur...@arin.net> wrote: >> >> On 26 Sep 2018, at 3:29 AM, Jared Mauch <ja...@puck.nether.net> wrote: >>> >>> The process for lets encrypt is fairly straightforward, it collects some >>> minimal information (eg: e-mail address, domain name) and then does all the >>> voodoo necessary. If ARIN were to make this request of the developers of >>> RPKI software, it would seem reasonable to have that passed to ARIN via >>> some API saying “b...@example.com” typed “Agree” to the ARIN TAL as part of >>> the initial installation of the software. >> >> Jared - >> >> Interesting point – thank you for the very clear elaboration of this >> particular issue. > > John, > > Thank you for listening :-)
Jared - No problem at all – I work for you (i.e. the collective “you" on this mailing list.) >> Would it suffice if ARIN made clear in its RPKI information that software >> installation tools may download the ARIN TAL on behalf of a party so long as >> the parry agrees to statement displayed which reads “This software utilizes >> information from the ARIN Certificate Authority, and such usage is subject >> to the ARIN Relying Party Agreement. Type ‘Agree’ to proceed” ? > > I think this would help, but ideally you would allow people (software > vendors) to package the TAL and if they type ‘Agree’ it would allow use of it. Got it - I’ll look to this approach if at all possible. >>> Please work with the developers for a suitable method to include the ARIN >>> TAL by default. Come up with the click-accept legalese necessary. >>> >>> Since you asked, here’s what they did with the CertBot that’s commonly used >>> by Lets Encrypt: >>> >>> (The first time you run the command, it will make an account, and ask for >>> an email and agreement to the Let’s Encrypt Subscriber Agreement; you can >>> automate those with --email and --agree-tos) >> >> Acknowledged; I believe that allowing something similar to enable software >> installation tools to download the ARIN TAL for a party should be relatively >> straightforward – I will research that asap. > > Thank you! This and/or guidance to software developers about this being a > permissible action on their part. This should help improve things. Thanks for the thoughtful discussion - very helpful! /John John Curran President and CEO ARIN