<html><body><div style="color:#000; background-color:#fff; font-family:times new roman, new york, times, serif;font-size:10pt"><div><span>Thank you for verifying.</span></div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><br><span></span></div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><br>> 3) Enable CRL and OCSP checking <br></div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><br></div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;">I looked at www.arin.net, and saw certs.starfieldtech.com as the
CA.</div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;">I did not find a AAAA for that server, or for crl.starfieldtech.com</div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><br></div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;">I don't know of a CA that supports IPv6 for CRL or OCSP. It would be nice if I could check the CRL on my IPv6-only connection as I try to access ARIN online.</div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><br></div><div style="color: rgb(0, 0, 0); font-size: 13.3333px;
font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;">Lee<br></div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><br></div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><br></div><div><br></div> <div style="font-family: times new roman, new york, times, serif; font-size: 10pt;"> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 12pt;"> <div dir="ltr"> ----- Forwarded Message -----<br> <font face="Arial" size="2"> <b><span style="font-weight:bold;">From:</span></b> ARIN <info@arin.net><br> <b><span style="font-weight: bold;">To:</span></b> arin-announce@arin.net <br> <b><span style="font-weight:
bold;">Sent:</span></b> Tuesday, April 15, 2014 5:14 PM<br> <b><span style="font-weight: bold;">Subject:</span></b> [arin-announce] Security Announcement<br> </font> </div> <div class="y_msg_container"><br>ARIN is committed to the highest level of security for our production<br>environment and safeguarding our customers’ data. We are sure you are<br>aware that there has been a serious vulnerability with the underlying<br>SSL encryption technology that is widely used by both the industry and<br>at ARIN. This bug has been widely reported and called "Heartbleed".<br><br><a href="http://www.us-cert.gov/ncas/current-activity/2014/04/08/OpenSSL-Heartbleed-Vulnerability" target="_blank">http://www.us-cert.gov/ncas/current-activity/2014/04/08/OpenSSL-Heartbleed-Vulnerability</a><br><br>ARIN has investigated all of its systems and made the appropriate<br>corrections to reduce vulnerabilities; in this process we did not<br>discover any evidence of issues due to
Heartbleed.<br><br>At this time we have no indication to suggest that any ARIN system or<br>customer account was compromised. However, because of the complexity of<br>this vulnerability, ARIN recommends that:<br><br>1) ARIN Online users change their passwords of their user accounts<br>2) Create new API keys and deactivate their existing API keys.<br>3) Enable CRL and OCSP checking within your tools that interact with SSL<br>encryption to ensure you are connecting to the correct site.<br><br><br><br>Please contact <a ymailto="mailto:hostmaster@arin.net" href="mailto:hostmaster@arin.net">hostmaster@arin.net</a> if you have any questions.<br><br>Regards,<br><br>Mark Kosters<br>Chief Technology Officer<br>American Registry for Internet Numbers (ARIN)<br><br><br>_______________________________________________<br>ARIN-Announce<br>You are receiving this message because you are subscribed to<br>the ARIN Announce Mailing List (<a
ymailto="mailto:ARIN-announce@arin.net" href="mailto:ARIN-announce@arin.net">ARIN-announce@arin.net</a>).<br>Unsubscribe or manage your mailing list subscription at:<br><a href="http://lists.arin.net/mailman/listinfo/arin-announce" target="_blank">http://lists.arin.net/mailman/listinfo/arin-announce</a><br>Please contact <a ymailto="mailto:info@arin.net" href="mailto:info@arin.net">info@arin.net</a> if you experience any issues.<br><br></div> </div> </div> </div></body></html>