[ARIN-consult] Consultation on ACSP 2018.3

David Farmer farmer at umn.edu
Wed Mar 28 17:33:22 EDT 2018


On Wed, Mar 28, 2018 at 4:16 PM, ARIN <info at arin.net> wrote:

> ...
> Question:  Should ARIN automatically redirect user Whois queries made
> via "http" to "https"?
>

No, ARIN should not automatically redirect Whois queries made via "http" to
"https". Insecure Whois queries made via "http", need to be allowed.  Maybe
a warning could be provided, with a link to direct the whois query to
"https".

Question:  If ARIN redirects http to https requests, should ARIN then
> use HSTS for web-based Whois queries?
>

HSTS should be provided for Whois queries made via "https", even though I
don't think Whois queries made via "http" should be automatically
redirected to "https".

Thanks.

-- 
===============================================
David Farmer               Email:farmer at umn.edu
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota
2218 University Ave SE        Phone: 612-626-0815
Minneapolis, MN 55414-3029   Cell: 612-812-9952
===============================================
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-consult/attachments/20180328/fcbd08c9/attachment.html>


More information about the ARIN-consult mailing list