On 2023-09-13, Stuart Henderson <stu.li...@spacehopper.org> wrote:
> On 2023-09-13, Lyndon Nerenberg (VE7TFX/VE6BBM) <lyn...@orthanc.ca> wrote:
>> After some head bashing wondering why rpki-client wasn't
>> finding our ROAs I discovered the system doesn't ship with
>> ARIN's tal file. So great swaths of RPKI data aren't getting
>> downloaded.
>>
>> Why are those things?
>
> See the FILES section of the rpki-client(8) manual and the ARIN relying
> party agreement. They weakened it a bit from the even more restrictive
> version about a year ago but it still says
>
> "Notwithstanding the foregoing, You are specifically allowed to
> publicly distribute the ARIN TAL, including by embedding the ARIN TAL in
> relying party software; and You may make available to any third party
> the information made available through the ORCP Services so long as
> such use and disclosure is solely for informational purposes, namely
> reporting, educational, research, summary or statistical purposes. You
> are specifically prohibited from disclosure or redistribution of the
> information made available through the ORCP Services for network routing
> purposes, or for any purpose that is reliant on, or has an expectation
> of, ongoing or uninterrupted availability of the ORCP Services."
>
> which to my eye is still not really compatible with rpki-client/bgpd
> use. Other RIRs seem to manage to make their TALs available without
> such terms which is why they're included, but for ARIN you'll need
> to download it yourself.

Oh and there's this other bit,

"9. MACHINE-READABLE FORMAT DISTRIBUTION. Notwithstanding the foregoing,
you may make available to any third party the information made available
through the ORCP Services in a machine-readable format for networking
routing purposes subject to the following requirements: (a) the third
party receiving such data has entered into a Relying Party Agreement
with ARIN; or (b) You have passed through terms that are at least as
protective of ARIN as the terms set forth in Article 5, 6 and 7 and
Sections 8(a), 8(b), 8(c), and 8(f) to the third party receiving such
data, via browse-wrap, clickwrap, or other manner for which such third
party is legally obligated to said terms."

This is from https://www.arin.net/resources/manage/rpki/rpa.pdf

We can't ensure a) (and wouldn't want to). Some other rpki-related
software does b) but OpenBSD is not in the business of getting users
to agree to terms like that. (In particular, to be as useful with
rpki-client as the other tals, it would need to be in base, so that
would mean an agreement for anyone using the OS).