[ARIN-consult] Fwd: [ARIN-Suggestions] NEW ACSP 2018.3: Automatically Redirect Whois Queries to Secure URL

Owen DeLong owen at delong.com
Fri Mar 16 13:36:26 EDT 2018


I’m actually opposed to this.

First, whois lookups are a query against a public database. All information in the
database is currently public, so there is no possibility that the content of a whois
lookup is sensitive other than, perhaps, the person sending the query wishes their
query to be unknown. In that case, the person sending the query is fully empowered
to choose https if desired.

There is no reason to add SSL overhead to all queries just because.

Owen


> Begin forwarded message:
> 
> From: ARIN <info at arin.net>
> Subject: [ARIN-Suggestions] NEW ACSP 2018.3: Automatically Redirect Whois Queries to Secure URL
> Date: March 16, 2018 at 10:02:16 PDT
> To: arin-suggestions at arin.net
> 
> On 14 March 2018, we received a new ACSP 2018.3: Automatically Redirect
> Whois Queries to Secure URL.
> 
> https://www.arin.net/participate/acsp/suggestions/2018-3.html
> 
> Description: It appears possible to go to the insecure version of ARIN's
> whois by going to http://whois.arin.net. Would ARIN be willing
> auto-redirect users to the secure version, https://whois.arin.net, and
> additionally, consider using HSTS for this site, too?
> 
> Value to Community: Secures all WHOIS lookups, which could sometimes be
> potentially sensitive. It's also consistent with what ARIN has done with
> most of it's other public-facing websites.
> 
> Timeframe: Not specified
> 
> **
> 
> We are currently evaluating this suggestion, and will provide a response
> to the community as soon as it is available.
> 
> 
> Regards,
> 
> 
> Communications and Member Services
> American Registry for Internet Numbers (ARIN)
> 
> _______________________________________________
> arin-suggestions mailing list
> arin-suggestions at arin.net
> http://lists.arin.net/mailman/listinfo/arin-suggestions

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-consult/attachments/20180316/7e816c22/attachment.html>


More information about the ARIN-consult mailing list