[arin-discuss] Fw: [arin-announce] Security Announcement

Lee Howard spiffnolee at yahoo.com
Wed Apr 16 07:07:15 EDT 2014


Thank you for verifying.


> 3) Enable CRL and OCSP checking 


I looked at www.arin.net, and saw certs.starfieldtech.com as the CA.
I did not find a AAAA for that server, or for crl.starfieldtech.com

I don't know of a CA that supports IPv6 for CRL or OCSP.  It would be nice if I could check the CRL on my IPv6-only connection as I try to access ARIN online.

Lee




----- Forwarded Message -----
From: ARIN <info at arin.net>
To: arin-announce at arin.net 
Sent: Tuesday, April 15, 2014 5:14 PM
Subject: [arin-announce] Security Announcement
 

ARIN is committed to the highest level of security for our production
environment and safeguarding our customers’ data. We are sure you are
aware that there has been a serious vulnerability with the underlying
SSL encryption technology that is widely used by both the industry and
at ARIN. This bug has been widely reported and called "Heartbleed".

http://www.us-cert.gov/ncas/current-activity/2014/04/08/OpenSSL-Heartbleed-Vulnerability

ARIN has investigated all of its systems and made the appropriate
corrections to reduce vulnerabilities; in this process we did not
discover any evidence of issues due to Heartbleed.

At this time we have no indication to suggest that any ARIN system or
customer account was compromised. However, because of the complexity of
this vulnerability, ARIN recommends that:

1) ARIN Online users change their passwords of their user accounts
2) Create new API keys and deactivate their existing API keys.
3) Enable CRL and OCSP checking within your tools that interact with SSL
encryption to ensure you are connecting to the correct site.



Please contact hostmaster at arin.net if you have any questions.

Regards,

Mark Kosters
Chief Technology Officer
American Registry for Internet Numbers (ARIN)


_______________________________________________
ARIN-Announce
You are receiving this message because you are subscribed to
the ARIN Announce Mailing List (ARIN-announce at arin.net).
Unsubscribe or manage your mailing list subscription at:
http://lists.arin.net/mailman/listinfo/arin-announce
Please contact info at arin.net if you experience any issues.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-discuss/attachments/20140416/02be5a65/attachment.html>


More information about the ARIN-discuss mailing list