In message <[email protected]>, John Curran <[email protected]> wrote:
>On 5 Oct 2018, at 2:05 PM, Ronald F. Guilmette <[email protected]> >wrote: >> >> Would it be possible for ARIN to establish some kind of de minimis >> validation/authentication fee, enough to cover its costs, but not >> involving the acceptance of a complete LRSA? > >This is likely to be discussed by the ARIN Board in 2019, as a result of >the ongoing review of legal hurdles related to RPKI services. > >It's premature to speculate whether such is a reasonable mechanism >without a detailed legal analysis it wouldn't be the fee so much as >the associated services agreement that would likely be the challenging part >(i.e. the clause that's been cited as a hurdle is the disclaimer of >property rights, and a reversal in this area would have significant >implications for the community's ability to have any maintenance fees or >community-developed policy applied to these address blocks.) Thanks for the reply John. I probably should clarify that although, as I said, I do not have a dog in this fight -now-, there exists a finite non-zero chance that that may change in the forseeable and near-term future. In light of that possibility, and considering the content of this discussion thred so far, I am suddenly and accutely aware of my own utter and abject ignorance with respect to many, most, or all of the issues which this discussion has touched upon. Recognizing, as I do, that the PPML is not the best place for me to be seeking to cure my ignorance, I hope nontheless that no one here will begrudge me too much if I ask just a couple of additional naive (stupid?) but arguably pertinent questions: 1) I confess that I know virtually nothing about DNSSEC. I do know one thing however, which is that there's such a thing, in the world of domain names, as a "self signed" SSL certificate. Thus, my question: May the DNSSEC records applicable to rDNS for a given CIDR be self signed? If so, then might this be a way to deftly split the baby in two, allowing everyone who signs a contract with ARIN to have a chain of trust (for their rDNS) which is rooted in ARIN's trustworthyness, while still allowing those who wish to remain outside the tent to present to the world some less trustworthy but still DNSSEC-secured rNDS records? 2) John mentioned three separate considerations which, I infer, are the three things that typically motivate some legacy holders to remain outside of the tent, as it were, namely: a) property rights b) fees c) applicability of community-developed policies John and the whole ARIN team already have to deal with levels of complexity that would likely drive most humans mad in short order, and I am loath to suggest adding anything on top of that, but I can't help wondering if it might not be possible to bring more legacy holders into the tent if the above three things were contractually sliced and diced in ways that made contracts more palatable to holdouts. (For example, I can imagine that some folks might be OK with paying ordinary fees, but would be reluctant to sign away property rights... to the extent that any such alleged ``rights'' might have any real legal existance. Others might not want to pay full fees, but might be OK with contractually disavowing property rights.) And yes, that's a question. I just want to know if such (contractual) slicing and dicing has been considered as a way to get more holdouts into the tent. Regards, rfg _______________________________________________ ARIN-PPML You are receiving this message because you are subscribed to the ARIN Public Policy Mailing List ([email protected]). Unsubscribe or manage your mailing list subscription at: https://lists.arin.net/mailman/listinfo/arin-ppml Please contact [email protected] if you experience any issues.
