[arin-announce] X.509 Certificates to be Deprecated [Follow-up for clarity]

[John Curran]

On May 28, 2010, at 10:11 AM, Member Services wrote:
> 
> ARIN is in the process of transitioning many of our current services to the new web-based ARIN Online platform.  Because the web-based platform will use a more secure authentication model, ARIN will be deprecating support for X.509 certificates. After 28 May 2010, ARIN will not accept new requests for X.509 certificates. ARIN will continue supporting the use of X.509 certificates for user authentication until late 2010. After that time, all transactions with X.509 signatures will no longer be authenticated. We encourage people who are using X.509 to either move to PGP (Pretty Good Privacy) or to use ARIN Online as new features become available.  

For clarity and avoidance of doubt, this announcement only 
pertains to the use of the X.509 authentication method for
submission of transactions to ARIN.  An extremely small number
of organizations had ever made use of the X.509 authentication 
method for submitting transactions, and it was not cost-effective 
to continue to develop and support it as we move to the more 
general purpose and more secure ARIN Online model.

This announcement does not relate in any manner to the ongoing 
development and deployment of RPKI services (which provides for
providing digital certificates for number resources.) The RPKI 
project moving full speed ahead; for details, refer to the 
"Upcoming Services - DNSSEC and RPKI" presentation given by 
ARIN's CTO Mark Kosters at the recent Toronto Public Meeting:

<https://www.arin.net/participate/meetings/reports/ARIN_XXV/PDF/Monday/Kosters_DNSSEC_RPKI.pdf>

Thanks!
/John

John Curran
President and CEO
ARIN