[ARIN-consult] Consultation on ACSP 2018.3
Kevin Blumberg
kevinb at thewire.ca
Mon Apr 2 12:55:17 EDT 2018
John,
The blueprint that Frank laid out is very sensible and doesn’t impact programmatic access.
This should be an ongoing process of improvement. Once implemented you should have a much better sense of how often requests are coming in that are not https.
Thanks,
Kevin Blumberg
From: ARIN-consult <arin-consult-bounces at arin.net> On Behalf Of John Curran
Sent: Monday, April 2, 2018 9:07 AM
To: frnkblk at iname.com
Cc: <arin-consult at arin.net> <arin-consult at arin.net>
Subject: Re: [ARIN-consult] Consultation on ACSP 2018.3
Importance: High
On 2 Apr 2018, at 9:00 AM, frnkblk at iname.com<mailto:frnkblk at iname.com> wrote:
There’s been some great discussion on this topic. I’d like to suggest the following approach:
* No auto-redirection at this time
* But stop redirecting https://whois.arin.net<https://whois.arin.net/> to http://whois.arin.net/ui/, rather redirect them to https://whois.arin.net/ui. If they chose to go to the secure site, being redirected to the insecure site does not seem like a good idea.
* Make sure that all links from ARIN’s other sites to whois.arin.net<http://whois.arin.net/> are referring to the HTTPS one (that may already be the case, but I don’t know)
* Enable HSTS for whois.arin.net<http://whois.arin.net/> – if a web browser hits it intentionally then just keep doing it automatically.
* Provide some subtle feedback (perhaps an extra line/bar at the top of the page) to those web browsing the HTTP version of whois.arin.net<http://whois.arin.net/> to alert them that they are searching in the clear and provide a link to the secure version.
* Develop a long-term goal to migrate programmatic access to HTTPS
Frank -
Excellent strawman proposal for moving forward - thank you for taking the time to express it with clarity!
All -
Any specific objections or concerns with ARIN proceeding as proposed above?
Thanks!
/John
John Curran
President and CEO
ARIN
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-consult/attachments/20180402/766f81d1/attachment.html>
More information about the ARIN-consult
mailing list