wrt: I'd like it made clear during the presentation that indeed a strict reading of the current ARIN RPA would disallow such applications, but as noted earlier in this list, ARIN is quite willing to provide waiver for such statistic, status, and summary uses. If we can find a way to safely provide a blanket waiver in a future RPA, we will do so.
Absolutely. Your previous comment was that you might state "feel free to summarize our published data for such purposes." That covers many of the possible existing services - I will point to services that I wonder might still be a problem. But given the below, it might not be a concern anyway. wrt: Parties are free to replicate objects far and wide by any and all methods; it is simply validation that requires that they have accepted the RPA in the process of obtaining the TAL (which presumably occurs once during their initial setup.) Can I quote you on the "free to replicate objects far and wide by any and all methods" part? I am quite relieved. That would indeed reduce the impact! But I am also quite confused about how that works wrt the RPA language that prohibits "to engage in any activity: that ... transfers or in any way gives any other party Your access to or use of any ORCP Services" I did attempt to clarify that language with ARIN staff. Those discussions had left me and the others included with the impression that this language would not permit the data sharing. Your clarifying in a public forum is very useful. --Sandy ________________________________________ From: John Curran [[email protected]] Sent: Friday, November 09, 2012 9:52 AM To: Murphy, Sandra Cc: sidr wg list Subject: ARIN RPA presentation - Comments from ARIN Sandra - Regarding http://tools.ietf.org/agenda/85/slides/slides-85-sidr-14.pdf to be presentated later today: Page 10 - > Potential Impact > > • Operators have said to me “I don’t want to run anything. I just want to > click on a website somewhere” > > • There are already tools/sites that display stats and summaries > > • There are already tools/sites that display the certification status of > prefixes, that display the validity of BGP routes, etc. > > • Public services like Looking glass sites – extensions to report validity > > • Are these modes of use permitted under the ARIN RPA I'd like it made clear during the presentation that indeed a strict reading of the current ARIN RPA would disallow such applications, but as noted earlier in this list, ARIN is quite willing to provide waiver for such statistic, status, and summary uses. If we can find a way to safely provide a blanket waiver in a future RPA, we will do so. Page 13 - > Object Security Architecture & Use > > • Single authoritative source > > • – Transport security: source is single point of access > > • – Object security: Objects created by source can be mirrored by > anyone anywhere – global caches, regional, metro, ... > > • Would the ARIN RPA prevent this object security architecture and use I would also like it made clear during the presentation that the ARIN RPA does _not_ prevent the object security architecture, but does require that the participants in the model confirm _once_ that they follow the basic requirement of the PKIX architecture (per RFC 5280) of being aware of the applicable policy for ARIN's CA. Parties are free to replicate objects far and wide by any and all methods; it is simply validation that requires that they have accepted the RPA in the process of obtaining the TAL (which presumably occurs once during their initial setup.) In light of the above, I believe that the slides that follow ("Crazy Ideas to Reduce Impact") are both appropriately titled and are likely to have questionable effort/payback ratios. I apologize for sending these comments to the list rather than providing them via remote participation methods, but given the number and duration of sidr sessions today, I cannot be certain that I'll be online during the your presentation. Thanks! /John John Curran President and CEO ARIN _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
