I understand why ARIN wants this -- I'm sure our legal folks would want something similar if we were in their predicament (i.e., one more place for indemnification against failures, compromises, actions of [grand]parents, etc.). Reading the current RPA makes this clear:

S.7 ...."You shall indemnify, defend, and hold harmless ARIN and CAs and each of its respective parent and subsidiaries, each of their respective predecessors, successors and assigns, each of their respective employees, representatives, agents, attorneys, advisors, trustees, directors, officers, managers, and members from any and all claims, demands, disputes, actions, suits, proceedings, judgments, damages, injuries, losses, expenses, costs and fees (including reasonable attorneys’ fees and expenses), interests, fines and penalties of whatever nature (collectively, “Claims”)"......

With the likes of grandparenting and the potential implications RPKI could have on operational systems and real networks, this seems quite prudent to me. Furthermore, I'm not sure how anyone that operates infrastructure could be expected to take on liability where their "parent" or others in the system could impact the service they provide, and they could be liable. The joys of production...

it is an arin disease that opens the user to malware attack. just say no.

I'm not sure I understand how this "opens the user to malware attack", could you please explain? I understand the DoS vector, this certainly exists for all of RPKI, but I don't understand "malware attack" and think if you have any additional text related to that it ought to be reflected alongside the current DoS text in the Security Considerations.

-danny




_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
