From info at arin.net Wed Sep 4 13:36:19 2024
From: info at arin.net (ARIN)
Date: Wed, 04 Sep 2024 13:36:19 -0400
Subject: [ARIN-consult] NOW CLOSED – Consultation on API Key Handling
Message-ID:

From 8 August to 23 August, ARIN held a Consultation (https://www.arin.net/participate/community/acsp/consultations/2024/2024-3/) seeking feedback from the community on a potential improvement to increase the security for Application Programming Interface (API) key handling, specifically allowing the option to pass API keys in the header of a Restful Payload, and to use IP address range bounding to limit the validity of an API key.

The benefit of this potential improvement is that it would give users options to make their API keys more secure and bring ARIN in line with best practices for API key handling.

After reviewing and discussing the comments received during the consultation, ARIN plans to add the option to pass the API key in the header of a RESTful payload. We will also investigate and scope the work needed to allow for IP address range bounding, noting that this feature should be available under Organization management tools to be managed by Admin or Tech Contacts. Both improvements will be queued for inclusion in the development roadmap.

ARIN thanks those who provided valuable feedback on this consultation. We rely on this input from our members and community to help steer the organization as we continue our mission in support of the operation and growth of the Internet.

Regards,

John Curran
President and CEO
American Registry for Internet Numbers (ARIN)

From dwcarder at es.net Wed Sep 4 14:07:41 2024
From: dwcarder at es.net (Dale W.
Carder)
Date: Wed, 4 Sep 2024 13:07:41 -0500
Subject: [ARIN-consult] Consultation on ARIN Online Change Notifications
In-Reply-To:
References:
Message-ID:

Thus spake ARIN (info at arin.net) on Mon, Aug 26, 2024 at 11:19:33AM -0400:
> ARIN is seeking feedback from the community on a potential improvement (https://www.arin.net/participate/community/acsp/consultations/2024/2024-4/), suggested by a community member, that ARIN create a modern mechanism that allows resource holders to be notified of any changes to resources or accounts they manage.
>
> The stated benefit of this potential improvement is that it would allow greater control over valuable resources and increase the accuracy of ARIN's database.

There would be additional security and change-management benefits as well, as I see was somewhat outlined as motivating factors in ACSP 2024.11.

> We have identified two options to create these notifications:
>
> Email - The least "modern" option, but this would be consistent with other ARIN notifications, and mirrors what is available through the other Regional Internet Registries (RIRs). This would take approximately three months to develop once work is scheduled.

This also mirrors what is available from some non-authoritative IRR offerings as well.

I agree email is hardly modern, but it may be the current state of affairs that NOC operations / security / abuse / hostmaster type stuff is already used to handling and for which processes already exist or could be easily developed.

Like those roles above which are often separate at some Orgs, this new email notification type should allow specification of an individual or role that might be dedicated for this use. For example, we might set up an email role where on our end that would go into a dedicated ticket queue which would minimally log such actions from a change management perspective or potentially be reviewed / trigger a security audit.

> REST endpoint - ARIN can define a REST endpoint, and customers would have to develop/deploy and then provide us the URL to send notifications to. This would take approximately six months to develop once work is scheduled.

This does sound modern! I would not want to discount those who have the operations scale and capability to make use of it. For Orgs not of that scale, unless this was a capability already baked into shrinkwrap operations offerings I would doubt folks would realistically develop and support this in-house.

> These options vary in complexity to develop, and the level of effort required for customer adoption. We are interested in community feedback on the value of a change notification feature and thoughts on the possible delivery methods described or others you may suggest.
>
> Please provide comments to arin-consult at arin.net. You can subscribe to this mailing list at https://lists.arin.net/mailman/listinfo/arin-consult
>
> This consultation will remain open until 5:00 PM ET on 9 September. ARIN seeks clear direction through community input, so your feedback is important.
>
> Thank you for your continued support to improve ARIN's services.

Thanks for the consultation!

Dale

--
Dale W. Carder
Energy Sciences Network (ESnet)
Lawrence Berkeley National Laboratory
U.S. Department of Energy

From farmer at umn.edu Wed Sep 4 15:11:27 2024
From: farmer at umn.edu (David Farmer)
Date: Wed, 4 Sep 2024 14:11:27 -0500
Subject: [ARIN-consult] Consultation on ARIN Online Change Notifications
In-Reply-To:
References:
Message-ID:

Developing these capabilities would be helpful and increase security and awareness of changes.

As others have suggested, please prioritize Email over the API for development.

Email notifications of changes should be enabled or disabled on a per-POC and Organization basis, and you should also be able to set an alternate Email address for them.
This latter point is critical, as email is a common mechanism that integrates with many third-party systems, such as ticketing or messaging systems like Slack.

Thanks

On Mon, Aug 26, 2024 at 10:19 AM ARIN wrote:

> ARIN is seeking feedback from the community on a potential improvement (
> https://www.arin.net/participate/community/acsp/consultations/2024/2024-4/),
> suggested by a community member, that ARIN create a modern mechanism that
> allows resource holders to be notified of any changes to resources or
> accounts they manage.
>
> The stated benefit of this potential improvement is that it would allow
> greater control over valuable resources and increase the accuracy of ARIN's
> database.
>
> We have identified two options to create these notifications:
>
> Email - The least "modern" option, but this would be consistent with other
> ARIN notifications, and mirrors what is available through the other
> Regional Internet Registries (RIRs). This would take approximately three
> months to develop once work is scheduled.
>
> REST endpoint - ARIN can define a REST endpoint, and customers would have
> to develop/deploy and then provide us the URL to send notifications to.
> This would take approximately six months to develop once work is
> scheduled.
>
> These options vary in complexity to develop, and the level of effort
> required for customer adoption. We are interested in community feedback on
> the value of a change notification feature and thoughts on the possible
> delivery methods described or others you may suggest.
>
> Please provide comments to arin-consult at arin.net. You can subscribe to
> this mailing list at https://lists.arin.net/mailman/listinfo/arin-consult
>
> This consultation will remain open until 5:00 PM ET on 9 September. ARIN
> seeks clear direction through community input, so your feedback is
> important.
>
> Thank you for your continued support to improve ARIN's services.
>
> Regards,
>
> John Curran
> President and CEO
> American Registry for Internet Numbers (ARIN)
>
> _______________________________________________
> ARIN-Consult
> You are receiving this message because you are subscribed to the ARIN
> Consult Mailing
> List (ARIN-consult at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> https://lists.arin.net/mailman/listinfo/arin-consult Please contact the
> ARIN Member Services
> Help Desk at info at arin.net if you experience any issues.
>

--
===============================================
David Farmer Email:farmer at umn.edu
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota
2218 University Ave SE Phone: 612-626-0815
Minneapolis, MN 55414-3029 Cell: 612-812-9952
===============================================

From info at arin.net Mon Sep 16 10:50:50 2024
From: info at arin.net (ARIN)
Date: Mon, 16 Sep 2024 10:50:50 -0400
Subject: [ARIN-consult] NOW CLOSED – Consultation on ARIN Online Change Notifications
Message-ID: <6AB56F8B-3680-405C-AA4D-FCF48268D58A@arin.net>

From 26 August to 9 September, ARIN conducted a consultation (https://www.arin.net/participate/community/acsp/consultations/2024/2024-4/) to gather community feedback on potential options for implementing change notifications for resource holders in ARIN Online. The two options presented were email notifications or the creation of a REST endpoint.

Based on the feedback received, there was strong support for implementing email notifications as the initial and most broadly useful option for ARIN customers. Email was favored due to its ease of adoption, integration capabilities with existing systems, and practicality for organizations of all sizes.
While there was recognition of the potential benefits of a REST endpoint for larger organizations with more advanced needs, the consensus was that this option could be considered in a future phase after the successful deployment of email notifications.

After carefully reviewing and discussing the comments received, ARIN plans to prioritize the development of email notifications for ARIN Online changes, including flexible options such as per-Point of Contact (POC) and per-organization configuration, the ability to specify alternate email addresses, and potential use of X-Headers to improve filtering and processing.

Regards,

John Curran
President and CEO
American Registry for Internet Numbers (ARIN)

From info at arin.net Fri Sep 20 15:16:23 2024
From: info at arin.net (ARIN)
Date: Fri, 20 Sep 2024 15:16:23 -0400
Subject: [ARIN-consult] Consultation for the Retirement of FTP Protocol Use at ARIN
Message-ID: <156050F9-3FD5-40FC-8AE9-CC598C465BC5@arin.net>

ARIN is seeking feedback from the community (https://arin.net/participate/community/acsp/consultations/2024/2024-5/) on retiring FTP protocol support, which serves data from ftp.arin.net. ARIN has operated an FTP protocol service for various reports and templates since its inception. All the data that is currently provided via FTP is also available over HTTP and HTTPS.

ARIN is working to remove redundant and seldom-used services to allow future efforts to focus on the improvement of core services, reduce residual technical debt, and increase our security posture. Removing the FTP protocol aligns with these objectives.

ARIN will not remove the data or change the existing directory structure. HTTP/HTTPS transport will continue to reference the data as it does today.

ARIN intends to remove FTP protocol support on or after 31 March 2025. We are interested in knowing:

- If there are ARIN customers who have a reliance on FTP that cannot be satisfied by obtaining data from ARIN via HTTP/HTTPS?
- Does setting the date for 31 March 2025 provide sufficient time for customers who use FTP to move to HTTP/HTTPS?

Please provide comments to arin-consult at arin.net. You can subscribe to this mailing list at https://lists.arin.net/mailman/listinfo/arin-consult.

This consultation will remain open until 5:00 PM ET on 4 October. ARIN seeks clear direction through community input, so your feedback is important. This information will help with our planning and decision making.

Thank you for your continued support to improve ARIN's services.

Regards,

John Curran
President and CEO
American Registry for Internet Numbers (ARIN)

From bill at herrin.us Sat Sep 21 03:59:03 2024
From: bill at herrin.us (William Herrin)
Date: Sat, 21 Sep 2024 00:59:03 -0700
Subject: [ARIN-consult] Consultation for the Retirement of FTP Protocol Use at ARIN
In-Reply-To: <156050F9-3FD5-40FC-8AE9-CC598C465BC5@arin.net>
References: <156050F9-3FD5-40FC-8AE9-CC598C465BC5@arin.net>
Message-ID:

On Fri, Sep 20, 2024 at 12:16 PM ARIN wrote:
> ARIN is working to remove redundant and seldom-used services
> to allow future efforts to focus on the improvement of core services,
> reduce residual technical debt, and increase our security posture.
> Removing the FTP protocol aligns with these objectives.
>
> ARIN intends to remove FTP protocol support on or after 31 March 2025. We are interested in knowing:

Howdy.

Do you have any data indicating how often files are downloaded via FTP? And from how many different sources files are downloaded over the year?

I personally see no need for old-school FTP to exist in any capacity in 2025. However, operating an FTP site is not especially difficult and if I were still using FTP for anything it would be because it was wrapped inside an unmaintained legacy bit of software that would be challenging for me to update.

Regards,
Bill Herrin

--
William Herrin
bill at herrin.us
https://bill.herrin.us/

From irosen at gmail.com Sun Sep 22 09:57:58 2024
From: irosen at gmail.com (Ido Rosen)
Date: Sun, 22 Sep 2024 06:57:58 -0700
Subject: [ARIN-consult] Deprecation of FTP
Message-ID:

Hello,

If you are to deprecate FTP, please consider providing an alternative that allows for easier delta synchronization/mirroring and diffing. The best such alternative today would be either the rsync protocol or git.

Best wishes,
Ido

From jcurran at arin.net Sun Sep 22 13:36:04 2024
From: jcurran at arin.net (John Curran)
Date: Sun, 22 Sep 2024 17:36:04 +0000
Subject: [ARIN-consult] Deprecation of FTP
In-Reply-To:
References:
Message-ID: <8E30DB89-72F2-4AFA-B234-FE2799897594@arin.net>

Ido -

Excellent point. Do you presently use FTP to maintain a sync'd copy of the data?

/John

John Curran
President and CEO
American Registry for Internet Numbers

> On Sep 22, 2024, at 9:57 AM, Ido Rosen wrote:
>
> Hello,
> If you are to deprecate FTP, please consider providing an alternative that allows for easier delta synchronization/mirroring and diffing. The best such alternative today would be either the rsync protocol or git.
>
> Best wishes,
> Ido

From jcurran at arin.net Mon Sep 23 16:03:03 2024
From: jcurran at arin.net (John Curran)
Date: Mon, 23 Sep 2024 20:03:03 +0000
Subject: [ARIN-consult] Consultation for the Retirement of FTP Protocol Use at ARIN
In-Reply-To:
References: <156050F9-3FD5-40FC-8AE9-CC598C465BC5@arin.net>
Message-ID:

On Sep 21, 2024, at 3:59 AM, William Herrin wrote:

> On Fri, Sep 20, 2024 at 12:16 PM ARIN wrote:
>> ARIN is working to remove redundant and seldom-used services to allow future efforts to focus on the improvement of core services, reduce residual technical debt, and increase our security posture. Removing the FTP protocol aligns with these objectives.
>>
>> ARIN intends to remove FTP protocol support on or after 31 March 2025. We are interested in knowing:
>
> Howdy.
>
> Do you have any data indicating how often files are downloaded via FTP? And from how many different sources files are downloaded over the year?

Bill -

Good question - It appears that most of the data is extended delegation statistics files (ref: https://www.arin.net/reference/research/statistics/nro_stats/_)

Looking at the most recent data -

Files Served via FTP:
In the Month of August, there were 396,930 files served from 17,334 unique IP addresses.
(3,438 unique files downloaded during this period.)
A significant portion of these downloads consisted of:
- ARIN's extended stats (116,673 downloads)
- Mirrors of extended stats from other RIRs (53,289 downloads)

HTTP/HTTPS Traffic for the Same FTP Data:
- We also analyzed one week of HTTP/HTTPS traffic to ftp.arin.net from August 25th to August 31st. During this week:
- 27,185 unique IPs accessed the site, resulting in 265,329 downloads.
- Extrapolating this to a full month, the data would suggest approximately 1M downloads via HTTP/HTTPS / month.

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers

From owen at delong.com Mon Sep 23 19:13:50 2024
From: owen at delong.com (Owen DeLong)
Date: Mon, 23 Sep 2024 16:13:50 -0700
Subject: [ARIN-consult] Consultation for the Retirement of FTP Protocol Use at ARIN
In-Reply-To:
References:
Message-ID: <52983C77-B6BC-4724-8C32-8986402EA65B@delong.com>

It seems reasonable to me to retire ftp in favor of http(s).

Please make sure that the RIR mirrors of extended data are migrated prior to retirement, however.

Thanks,

Owen

> On Sep 23, 2024, at 13:03, John Curran wrote:
>
>> On Sep 21, 2024, at 3:59 AM, William Herrin wrote:
>>
>>> On Fri, Sep 20, 2024 at 12:16 PM ARIN wrote:
>>> ARIN is working to remove redundant and seldom-used services
>>> to allow future efforts to focus on the improvement of core services,
>>> reduce residual technical debt, and increase our security posture.
>>> Removing the FTP protocol aligns with these objectives.
>>>
>>> ARIN intends to remove FTP protocol support on or after 31 March 2025. We are interested in knowing:
>>
>> Howdy.
>>
>> Do you have any data indicating how often files are downloaded via
>> FTP? And from how many different sources files are downloaded over the
>> year?
>
> Bill -
>
> Good question - It appears that most of the data is extended delegation statistics files (ref: https://www.arin.net/reference/research/statistics/nro_stats/_)
>
> Looking at the most recent data -
>
> Files Served via FTP:
> In the Month of August, there were 396,930 files served from 17,334 unique IP addresses.
> (3,438 unique files downloaded during this period.)
> A significant portion of these downloads consisted of:
> - ARIN's extended stats (116,673 downloads)
> - Mirrors of extended stats from other RIRs (53,289 downloads)
>
> HTTP/HTTPS Traffic for the Same FTP Data:
> - We also analyzed one week of HTTP/HTTPS traffic to ftp.arin.net from August 25th to August 31st. During this week:
> - 27,185 unique IPs accessed the site, resulting in 265,329 downloads.
> - Extrapolating this to a full month, the data would suggest approximately 1M downloads via HTTP/HTTPS / month.
>
> Thanks!
> /John
>
> John Curran
> President and CEO
> American Registry for Internet Numbers