[ARIN-consult] Consultation on ACSP 2018.3

David Farmer farmer at umn.edu
Mon Apr 2 13:51:35 EDT 2018


The only thing I would add is a bullet for regular reporting. Stats should
get reported at every ARIN meeting for a while, like maybe the next 3-5
meetings.

In the past, Mark Kosters regularly reported Whois stats for a while,
Classic Whois (TCP port 43) vs. http (REST) Whois, if I remember
correctly.  Maybe report on Classic Whois vs. http Whois vs. https Whois.

I'll also note that I personally doubt Classic Whois will ever completely
go away, at least not anytime soon.  So while Classic Whois (TCP port 43)
remains available, unencrypted access to Whois will remain available even
if all http Whois is eventually redirected to https Whois.

Thanks.

On Mon, Apr 2, 2018 at 11:55 AM, Kevin Blumberg <kevinb at thewire.ca> wrote:

> John,
>
>
>
> The blueprint that Frank laid out is very sensible and doesn’t impact
> programmatic access.
>
>
> This should be an ongoing process of improvement. Once implemented you
> should have a much better sense of how often requests are coming in that
> are not https.
>
>
> Thanks,
>
>
>
> Kevin Blumberg
>
> *From:* ARIN-consult <arin-consult-bounces at arin.net> *On Behalf Of *John
> Curran
> *Sent:* Monday, April 2, 2018 9:07 AM
> *To:* frnkblk at iname.com
> *Cc:* <arin-consult at arin.net> <arin-consult at arin.net>
> *Subject:* Re: [ARIN-consult] Consultation on ACSP 2018.3
> *Importance:* High
>
>
>
> On 2 Apr 2018, at 9:00 AM, frnkblk at iname.com wrote:
>
>
>
> There’s been some great discussion on this topic.  I’d like to suggest the
> following approach:
>
>    - No auto-redirection at this time
>    - But stop redirecting https://whois.arin.net to
>    http://whois.arin.net/ui/, rather redirect them to
>    https://whois.arin.net/ui. If they chose to go to the secure site,
>    being redirected to the insecure site does not seem like a good idea.
>    - Make sure that all links from ARIN’s other sites to whois.arin.net are
>    referring to the HTTPS one (that may already be the case, but I don’t know)
>    - Enable HSTS for whois.arin.net – if a web browser hits it
>    intentionally then just keep doing it automatically.
>    - Provide some subtle feedback (perhaps an extra line/bar at the top
>    of the page) to those web browsing the HTTP version of whois.arin.net to
>    alert them that they are searching in the clear and provide a link to the
>    secure version.
>    - Develop a long-term goal to migrate programmatic access to HTTPS
>
>
>
>
>
> Frank -
>
>
>
>    Excellent strawman proposal for moving forward - thank you for taking
> the time to express it with clarity!
>
>
>
> All -
>
>
>
>    Any specific objections or concerns with ARIN proceeding as proposed
> above?
>
>
>
> Thanks!
>
> /John
>
>
>
> John Curran
>
> President and CEO
>
> ARIN
>



-- 
===============================================
David Farmer               Email:farmer at umn.edu
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota
2218 University Ave SE        Phone: 612-626-0815
Minneapolis, MN 55414-3029   Cell: 612-812-9952
===============================================
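
An offline check for two items in the quoted proposal (no redirect from the HTTPS site to the HTTP site, and HSTS on the secure site), added here as an illustration; it is not part of the original thread or ARIN's tooling. The response chains are constructed samples (the 302 status and header values are assumptions), and `parse_hsts` and `audit_chain` are hypothetical names.

```python
from urllib.parse import urlsplit

def parse_hsts(value):
    """Return max-age (seconds) from a Strict-Transport-Security value, or None."""
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        if name.strip().lower() == "max-age":
            try:
                return int(arg.strip().strip('"'))
            except ValueError:
                return None
    return None

def audit_chain(hops):
    """hops: list of (url, status, headers) in the order a client followed them.
    Returns a list of findings; an empty list means the chain passed."""
    findings = []
    seen_https = False
    for url, _status, _headers in hops:
        if urlsplit(url).scheme.lower() == "https":
            seen_https = True
        elif seen_https:
            # The client started on HTTPS and was sent back to cleartext.
            findings.append(f"downgrade: redirected to {url} after HTTPS")
    final_url, _, final_headers = hops[-1]
    # HSTS only counts when delivered over HTTPS; browsers ignore it on HTTP.
    if urlsplit(final_url).scheme.lower() == "https":
        hdrs = {k.lower(): v for k, v in final_headers.items()}
        if not parse_hsts(hdrs.get("strict-transport-security", "")):
            findings.append("hsts: missing or max-age=0 on final HTTPS response")
    return findings

# Constructed sample chains (not captured traffic).
BEFORE = [  # behaviour the proposal wants stopped
    ("https://whois.arin.net", 302, {"Location": "http://whois.arin.net/ui/"}),
    ("http://whois.arin.net/ui/", 200, {}),
]
AFTER = [   # behaviour the proposal asks for, with HSTS enabled
    ("https://whois.arin.net", 302, {"Location": "https://whois.arin.net/ui"}),
    ("https://whois.arin.net/ui", 200,
     {"Strict-Transport-Security": "max-age=31536000"}),
]

if __name__ == "__main__":
    for label, chain in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_chain(chain) or "ok")
```
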