In December of 2014 I wrote an article about a legal agreement that was discouraging network operators from implementing an important Internet security function. I am happy to report, the situation has improved: ARIN no longer requires operators explicitly accept a click-through agreement in order to access the Trust Anchor Locator (TAL).
Resource Public Key Infrastructure (RPKI) is a method to cryptographically sign BGP route origins as a way to prove that an Autonomous System is properly authorized to announce a specific set of prefixes. Alex Band previously discussed RPKI in BGP Origin Validation with RPKI: A RIR perspective.
In order to validate that routes are properly announced, an RPKI validator needs to collect Route Origin Authorizations (ROAs) which are the cryptographic objects describing the prefixes-to-ASN mapping. This is done via rsync from repositories, the TALs. Previously, American Registry for Internet Numbers (ARIN) was the only Regional Internet Registry (RIR) that required users to explicitly accept an agreement, the Relying Party Agreement or RPA, in order to access the TALs.
The operator community expressed much displeasure with this situation. On February 4th of this year, ARIN announced that the requirement to explicitly click to accept the agreement has been removed. As mentioned in the announcement, “access to and usage of ARIN’s TAL and RPKI repository data remains equally subject to the terms of the RPA.” Even with no change in the agreement, this is a step forward since the act of accepting the agreement was an impediment for some organizations.
Thank you to everyone who participated in various discussion on this topic and thank you to ARIN for listening to community feedback.