[arin-announce] Reminder--Upcoming Security Improvements and Change to RDAP URL

ARIN info at arin.net
Wed Jan 20 10:09:03 EST 2021


This announcement is to remind you of previously-announced changes that ARIN is making, including the following:

- security improvements for Whois-RWS, RDAP, and www.arin.net, scheduled for on or about 19 February 2021
- change of address to the Registration Data Access Protocol (RDAP) bootstrap server, scheduled for on or about 30 June 2021

More information is provided in this announcement.

*Security Improvements for Whois-RWS, RDAP, and www.arin.net*

As announced on 22 October 2020 and 2 December 2020, upcoming security improvements for Whois-RWS, RDAP, and www.arin.net are scheduled to be completed on or around 19 February 2021. The following information is from the previous announcement:

Earlier this year, ARIN implemented security enhancements that included ending support for TLS 1.0 for Whois-RWS and RDAP services and improving ciphers used in www.arin.net. As part of our continuing effort to improve security, on or around 19 February 2021, we will end support for TLS 1.1 and weak Diffie-Hellman (DH) key exchange parameters on www.arin.net, Whois-RWS, and RDAP. We will also update the ciphers available on Whois-RWS and RDAP to match those on www and reg.arin.net. The removal of TLS 1.1 may impact the way you interface programmatically with ARIN to query and retrieve information from Whois-RWS and RDAP.

Changes in our supported versions of TLS are due to well-known security issues with this protocol. More information is available at https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/. ARIN continues to support TLS 1.2. The cipher update satisfies ACSP Suggestion 2015.15: Improvements to SSL Security for whois.arin.net.

We are providing you advance notice of these changes, as you may need to make configuration or code changes on your clients that interface with Whois-RWS and RDAP services. We encourage you to make these changes so you will have no operational impact when we disable the vulnerable transport protocol version.

*RDAP Bootstrap Server Change of Address*

As announced on 21 November 2020 and 16 December 2020, the ARIN Registration Data Access Protocol (RDAP) Bootstrap server address is changing. The following information is from the previous announcement:

ARIN is changing the address of our Registration Data Access Protocol (RDAP) bootstrap server from https://rdap.arin.net/bootstrap to https://rdap-bootstrap.arin.net/bootstrap. A bootstrap server is used to forward queries from users seeking registration data for Internet resources to another server that can provide more detailed registration information about that resource. The address of the bootstrap server is used in the “query URL” sent from a client application or entered into a command-line query by a user.

ARIN has set up a redirect to automatically route queries from the old URL to the new URL when support for the old URL is ended. The old URL will be retired on 30 June 2021, and the redirect will be active. However, it is important to note we can’t guarantee the redirect will be respected by all clients. In order to avoid any problems, queries should be changed to use the new URL, https://rdap-bootstrap.arin.net/bootstrap, as soon as possible.

More information about how the bootstrap URL works and this upcoming change can be found on TeamARIN at https://teamarin.net/2020/12/11/buckle-up-change-of-address-coming-for-arins-bootstrap-server/. If you have questions or comments about this change, please submit an Ask ARIN ticket using your ARIN Online account, or contact the Registration Services Help Desk by phone Monday through Friday, 7:00 AM to 7:00 PM ET at +1.703.227.0660.

Regards,

Mark Kosters
Chief Technology Officer
American Registry for Internet Numbers (ARIN)
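
Added example, not part of ARIN's announcement: a Python client configuration covering both changes described above, a TLS context that refuses anything below TLS 1.2 and a rewrite of stored bootstrap query URLs to the new address. The function names and the sample query paths are assumptions made for illustration; only the two bootstrap URLs come from the announcement.

```python
import socket
import ssl
from urllib.parse import urlsplit, urlunsplit

OLD_HOST = "rdap.arin.net"            # old bootstrap host (from the announcement)
NEW_HOST = "rdap-bootstrap.arin.net"  # new bootstrap host (from the announcement)
BOOTSTRAP_PATH = "/bootstrap"


def client_tls_context():
    """Certificate-verifying context that will not negotiate below TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def migrate_bootstrap_url(url):
    """Rewrite an old bootstrap query URL to the new host; leave others alone."""
    parts = urlsplit(url)
    on_old_host = (parts.hostname or "").lower() == OLD_HOST
    is_bootstrap = (parts.path == BOOTSTRAP_PATH
                    or parts.path.startswith(BOOTSTRAP_PATH + "/"))
    if not (on_old_host and is_bootstrap):
        return url
    # Always emit https: the new address is published as an https URL.
    return urlunsplit(("https", NEW_HOST, parts.path, parts.query, parts.fragment))


def negotiated_tls_version(host, port=443, timeout=10):
    """Connect and return the protocol version agreed, e.g. 'TLSv1.2'."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with client_tls_context().wrap_socket(raw, server_hostname=host) as tls:
            return tls.version()


if __name__ == "__main__":
    # Constructed sample of URLs a client might have stored in its configuration.
    for stored in ("https://rdap.arin.net/bootstrap/ip/192.0.2.1",
                   "https://rdap.arin.net/bootstrap/autnum/64496"):
        print(stored, "->", migrate_bootstrap_url(stored))
    print(NEW_HOST, "negotiated", negotiated_tls_version(NEW_HOST))
```

Rewriting the URL in configuration removes the dependency on the client following the redirect. A client whose TLS library cannot reach TLS 1.2 fails in `negotiated_tls_version` with an `ssl.SSLError` rather than silently falling back.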