Analysis A key internet infrastructure organization is undercutting efforts to make the internet more secure by insisting ISPs accept a legal agreement before using a security framework, critics charge.
The org in question – US-based regional internet registry ARIN – argues that under American law, it has to have people consciously accept its terms and conditions for them to be legally binding.
At the heart of the issue is a relatively new system, known as Resource Public Key Infrastructure (RPKI), which was developed by the global regional internet registries (RIRs) that are responsible for overseeing and allocating IP addresses.
If there is a conflict – in that, an unexpected and non-validated route for internet traffic opens up – then either someone has misconfigured their network, or they are purposefully misrepresenting themselves online, possibly to intercept or block packets.
But if misconfigured, and an ISP's connectivity relies upon the RPKI system, the broadband provider risks cutting off its users entirely if the service breaks: something that is almost certain to happen at some point.
As such, ARIN is insisting on a legal agreement that effectively shifts liability for misconfiguration onto ISPs.