In case people would like to compare notes to the way this is arranged in the RIPE NCC service region, here is the Resource Certification for non-RIPE NCC Members policy which has been in place since 2013:
https://www.ripe.net/publications/docs/ripe-596 This resulted in the implementation documented here: https://www.ripe.net/manage-ips-and-asns/resource-management/rpki/resource-certification-rpki-for-provider-independent-end-users It essentially means that Provider Independent End Users and Legacy End Users can log into the RIPE NCC equivalent of ARIN Online and *only* manage RPKI, without having access to any other options. -Alex > On 13 Apr 2022, at 06:56, John Curran <jcur...@arin.net> wrote: > >> >> On 12 Apr 2022, at 11:38 PM, Doug Barton <do...@dougbarton.us> wrote: >> >> On 4/6/22 10:55 AM, John Curran wrote: >>> Interesting philosophy - historically ARIN customers have asked for >>> simplicity in the relationship; i.e. a single fee that encompasses all of >>> the services - in this way, an organization can utilize something without >>> having to “get new approval” and there’s no financial or service >>> disincentive for deployment of IPv6, IRR, RPKI, etc. >>> Feel free to propose an alternative structure if you think it makes sense - >>> the suggestion process would be a good step (but feel free to run for the >>> ARIN Board of Trustees if you want to really advocate for a different >>> approach.) >> >> John, >> >> I think you raise an interesting point here. From an outside perspective it >> seems to me that ARIN is using RPKI participation as leverage to get legacy >> space holders to sign an LRSA. You have mentioned in past messages that this >> is at least in part based on the desire to recover costs related to >> providing that service. So let's look creatively at the cost issue. >> >> Taking that claim at face value, I wonder if it's possible for ARIN to >> compromise slightly here, in the interest of encouraging the adoption of >> RPKI to the benefit of the Internet community. My suggestion is to open >> participation in RPKI to anyone with legacy space who is paying ARIN a fee >> for service, regardless of LRSA status. >> >> Someone else mentioned creating a lightweight agreement for legacy space >> holders who want RPKI, which I think is a good idea. I'm not up on the >> current contents of the LRSA, but I imagine that there is an indemnification >> clause. I would be surprised if your lawyers didn't want that for the >> situation I'm proposing as well. Being lawyers, I imagine that they can come >> up with other things too. :) But given that you're already contracting with >> these parties for other services, a "rider" for RPKI should be easily >> accomplished. > > Doug, we’re not contracting with these parties to provide any other > services…i.e. there’s nothing to "add a rider to”. > (Those who have any registration services agreement with ARIN already have > access to all services incl. RPKI) > > Based on feedback received over the years, we’ve revised the terms of RSA and > LRSA several times to provide for friendlier terms and conditions - at this > point they’re actually the same agreement (See > https://www.arin.net/vault/announcements/2015/20151007.html) > > We remain open to suggestions for improving the registration services > agreement for all of ARIN’s customers – if the community comes up with > further changes, we can incorporate (but that will need to be per a member > vote since we also, per community request, locked down the agreement so it > couldn’t be unilaterally changed by the ARIN.) > > ARIN’s RSA is structured appropriately for a not-for-profit membership > organization in which members have open participation and governance > mechanisms that help them shape the services, policies and fees that will be > provided. If one looks at the RSA expecting it to be a commercial services > agreement (e.g., such as one would receive for domain name hosting) then > indeed it is quite different, but that’s because the RiRs are structured as > five cooperating not-for-profit membership organizations that instantiate the > cooperation within the network operator community for a globally unique > Internet number registry, with agreements that have everyone joining the > registry system for that purpose. This works extremely well and meets the > expectations of many of the registry customers globally – but such a model > doesn’t align with the expectations voiced by some legacy resource holders. > > I also would like to see RPKI more widely deployed, and happy to work on > making the RSA “more lightweight” for all ARIN customers to the extent > possible, but that requires clearly articulated feedback on changes that need > to be made, including the reasoning. Those with legacy resources have been > receiving free basic services for nearly 25 years, and even now have a very > favorable cap on their annual ARIN fees if they do enter into an RSA – i.e., > there are incentives in place, and the situation for a legacy resource holder > who signed an RSA is actually more favorable than the 15000+ other ARIN > customers who don’t receive the more favorable terms. > > The good news is that this is ultimately in the hands of the ARIN membership, > so engagement with that community on further desired changes for legacy > resource holders is the best path forward. > > Thanks, > /John > > John Curran > President and CEO > American Registry for Internet Numbers