back to article You're ARIN a laugh: Critical internet org accused of undercutting security over legal fears

A key internet infrastructure organization is undercutting efforts to make the internet more secure by insisting ISPs accept a legal agreement before using a security framework, critics charge. The org in question – US-based regional internet registry ARIN – argues that under American law, it has to have people consciously …

  1. Cronus

    It sucks but I don't blame them given how the US legal system works.

    1. -v(o.o)v-

      It is pretty ridiculous. Do DNS root servers require signing a legal document? No.

      A problem with those could lead to much larger problems.

      1. Robert Helpmann?? Silver badge
        Flame

        Hot Potato

        A problem with those could lead to much larger problems.

        The question isn't one of how hot the potato is but of who will end up holding it.

    2. Garymrrsn

      The US legal system is the Worlds leader at creating new and expensive forms of liability.

    3. sthen

      It would be reasonable for ARIN to require agreements from networks wanting to sign their routes disclaiming responsibility for problems caused by doing so. But (and I don't think it's made clear in the article) is that they are asking for agreement from people just wanting to fetch the ARIN TAL ("trust anchor locator" - similar to a CA certificate in the HTTPS world) to validate routes published by ARIN members.

      This is equivalent to a CA requiring an explicit agreement from *everybody in the world who wants to validate sites signed by them*. There actually is an example of this - cacert.org - as you might expect they aren't widely used!

      I am absolutely astonished that ARIN's members accept this (it's a regional monopoly so they can't just go and transfer their addresses to another RIR like RIPE or APNIC who handle this more sanely).

  2. gnarlymarley Bronze badge

    For example, ISPs are very unhappy with how DoH wraps DNS in encryption, preventing them from snooping on or manipulating it. And ARIN is worried that by hosting a service used to validate routing decisions, it could end up being held responsible when people are suddenly knocked offline.

    Ummm, I am not an ISP as one would say, but I do offer internet to my immediate family. My issue with DoH is that it is meant to bypass the bind DNS server I have setup. This means I once people start using it I will need to purchase a faster internet connection to work with all the stupid "prevent caching" ideas. Oh wait, my local squid proxy cache will probably "permanently" defeat any DoH setup attempts. So, maybe what I am saying is moot. I guess I will fall off the internet before I will ever use DoH.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019