Software installation tools retrieving ARIN TAL (was: Re: ARIN RPKI TAL deployment issues)

2018-10-13 Thread John Curran
On 25 Sep 2018, at 3:34 PM, Job Snijders wrote:
> ...
> What I'm hoping for is that there is a way for the ARIN TAL to be
> included in software distributions, without compromising ARIN's legal
> position.
> 
> Perhaps an exception for software distributors would already go a long
> way?
> 
> "You can include the ARIN TAL in your software distribution as long
> as you also include an unmodified copy of the
> https://www.arin.net/resources/rpki/rpa.pdf file alongside it."
> 
> Kind regards,

Job - 

While not exactly what you seek, we can get a bit closer to the goal – i.e. by 
eliminating the need for the user installing a software package to first go get 
the ARIN TAL and put it in the right place prior to running the installation 
software. 

To that end, the ARIN TAL page https://www.arin.net/resources/rpki/tal.html has
been revised with specific guidance –

Software Installation Tools

Software installation tools may download the ARIN TAL on behalf of a 
user after the user has confirmed their acceptance of the ARIN Relying Party 
Agreement (RPA) on the ARIN website.  This acceptance must require "agreement 
to the ARIN Relying Party Agreement 
(https://www.arin.net/resources/rpki/rpa.pdf)" and obtain a non-ambiguous 
affirmative action by clicking on, or the entry of, a word of agreement (such 
as  "yes" or "accept")

Example:
Attention: This package requires the download of the ARIN TAL and agreement to 
the ARIN Relying Party Agreement (RPA) 
(https://www.arin.net/resources/rpki/rpa.pdf).
Type "yes" to agree, and you can proceed with the ARIN TAL download: yes


We will continue to explore mechanisms for making ARIN’s RPKI repository more 
accessible to the community, but felt that this interim step could be 
accomplished promptly and was worth noting in a timely manner to those 
distributing RPKI software. 

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers




Re: Software installation tools retrieving ARIN TAL (was: Re: ARIN RPKI TAL deployment issues)

2018-10-13 Thread Job Snijders
Dear John,

I'd like to thank you and the ARIN team for these efforts - in doing so
I feel that ARIN recognises issues & concerns related to the
distribution of the ARIN RPKI TAL. Acknowledging a problem is the first
step to solving it!

On Sat, Oct 13, 2018 at 09:35:36AM -0400, John Curran wrote:
> On 25 Sep 2018, at 3:34 PM, Job Snijders wrote:
> > ...
> > What I'm hoping for is that there is a way for the ARIN TAL to be
> > included in software distributions, without compromising ARIN's
> > legal position.
> > 
> > Perhaps an exception for software distributors would already go a
> > long way?
> 
> While not exactly what you seek, we can get a bit closer to the goal –
> i.e. by eliminating the need for the user installing a software
> package to first go get the ARIN TAL and put it in the right place
> prior to running the installation software. 
> 
> To that end, the ARIN TAL page
> https://www.arin.net/resources/rpki/tal.html has been revised with
> specific guidance –
> 
>   Software Installation Tools
> 
>   Software installation tools may download the ARIN TAL on behalf of a
>   user after the user has confirmed their acceptance of the ARIN
>   Relying Party Agreement (RPA) on the ARIN website.  This acceptance
>   must require "agreement to the ARIN Relying Party Agreement
>   (https://www.arin.net/resources/rpki/rpa.pdf)" and obtain a
>   non-ambiguous affirmative action by clicking on, or the entry of, a
>   word of agreement (such as  "yes" or "accept")
> 
> Example: Attention: This package requires the download of the ARIN TAL
> and agreement to the ARIN Relying Party Agreement (RPA)
> (https://www.arin.net/resources/rpki/rpa.pdf). Type "yes" to agree,
> and you can proceed with the ARIN TAL download: yes

In this approach I still observe an institutional barrier. If we take
DNSSEC as analogous concept, when installing & starting BIND, unbound,
NSD, knot, Microsoft DNS, or PowerDNS, no affirmative actions are
required.

It is also not clear to me how in context of fully automated
installation & deployment the paradigm of 'non-ambiguous affirmative
action' can exist. If we instruct orchestration software to say 'yes' to
whatever questions pop up what does that actually mean? It certainly no
longer adheres to the spirit of whatever it is that ARIN seeks.

Lastly - having to download a file ('requiring specific network
connectivity') in context of installation & deployment is always
inferior compared to bundling all required pieces into coherent software
packages.

> We will continue to explore mechanisms for making ARIN’s RPKI
> repository more accessible to the community, but felt that this
> interim step could be accomplished promptly and was worth noting in a
> timely manner to those distributing RPKI software.

Yes - please do. Providing guidance to software distributors does not
change some of the challenging contents of the RPA, nor does it address
the fundamental institutional barrier that separates the ARIN TAL from
the other RIR TALs.

Kind regards,

Job


Re: Software installation tools retrieving ARIN TAL (was: Re: ARIN RPKI TAL deployment issues)

2018-10-14 Thread Baldur Norddahl
Is the ARIN TAL copyrighted? Is it even copyrightable? It has no creative
value, which is a requirement in European law. Why would not RIPE just
include it like they do for every other RIR TAL?


On Sat, 13 Oct 2018 at 15:49, Job Snijders wrote:

> Dear John,
>
> I'd like to thank you and the ARIN team for these efforts - in doing so
> I feel that ARIN recognises issues & concerns related to the
> distribution of the ARIN RPKI TAL. Acknowledging a problem is the first
> step to solving it!
>
> On Sat, Oct 13, 2018 at 09:35:36AM -0400, John Curran wrote:
> > On 25 Sep 2018, at 3:34 PM, Job Snijders wrote:
> > > ...
> > > What I'm hoping for is that there is a way for the ARIN TAL to be
> > > included in software distributions, without compromising ARIN's
> > > legal position.
> > >
> > > Perhaps an exception for software distributors would already go a
> > > long way?
> >
> > While not exactly what you seek, we can get a bit closer to the goal –
> > i.e. by eliminating the need for the user installing a software
> > package to first go get the ARIN TAL and put it in the right place
> > prior to running the installation software.
> >
> > To that end, the ARIN TAL page
> > https://www.arin.net/resources/rpki/tal.html has been revised with
> > specific guidance –
> >
> >   Software Installation Tools
> >
> >   Software installation tools may download the ARIN TAL on behalf of a
> >   user after the user has confirmed their acceptance of the ARIN
> >   Relying Party Agreement (RPA) on the ARIN website.  This acceptance
> >   must require "agreement to the ARIN Relying Party Agreement
> >   (https://www.arin.net/resources/rpki/rpa.pdf)" and obtain a
> >   non-ambiguous affirmative action by clicking on, or the entry of, a
> >   word of agreement (such as  "yes" or "accept")
> >
> > Example: Attention: This package requires the download of the ARIN TAL
> > and agreement to the ARIN Relying Party Agreement (RPA)
> > (https://www.arin.net/resources/rpki/rpa.pdf). Type "yes" to agree,
> > and you can proceed with the ARIN TAL download: yes
>
> In this approach I still observe an institutional barrier. If we take
> DNSSEC as analogous concept, when installing & starting BIND, unbound,
> NSD, knot, Microsoft DNS, or PowerDNS, no affirmative actions are
> required.
>
> It is also not clear to me how in context of fully automated
> installation & deployment the paradigm of 'non-ambiguous affirmative
> action' can exist. If we instruct orchestration software to say 'yes' to
> whatever questions pop up what does that actually mean? It certainly no
> longer adheres to the spirit of whatever it is that ARIN seeks.
>
> Lastly - having to download a file ('requiring specific network
> connectivity') in context of installation & deployment is always
> inferior compared to bundling all required pieces into coherent software
> packages.
>
> > We will continue to explore mechanisms for making ARIN’s RPKI
> > repository more accessible to the community, but felt that this
> > interim step could be accomplished promptly and was worth noting in a
> > timely manner to those distributing RPKI software.
>
> Yes - please do. Providing guidance to software distributors does not
> change some of the challenging contents of the RPA, nor does it address
> the fundamental institutional barrier that separates the ARIN TAL from
> the other RIR TALs.
>
> Kind regards,
>
> Job
>