[ARIN-Suggestions] Response to Suggestion 2014.29: ENABLE SSL SUPPORT FOR WHOIS.ARIN.NET

[ARIN]

ARIN has issued its initial response to ACSP Suggestion 2014.29. The 
suggestion and response text are provided below. This suggestion remains 
open and is available at:

https://www.arin.net/participate/acsp/suggestions/2014-29.html

Regards,

Communications and Member Services
American Registry for Internet Numbers (ARIN)

****
Suggestion: *

Description: SSL support for whois.arin.net (the web site) to fix 
security warnings when initiating Whois searches from ARIN.NET.

It seems out-of-character with the importance of this site on the 
internet that whois.arin.net is http:// instead of https://, thus 
resulting in a security warning if somebody initiates a whois from the 
SEARCH Whois box on the main ARIN home page.

Value to Community: TRUST of users who use the ARIN.NET website to find 
out essential information about the responsible parties for 
ARIN-distributed resources.

*Response:*

Thank you for submitting your suggestion, numbered 2014.29, on the topic 
of enabling SSL support for whois.arin.net. ARIN agrees implementing 
your suggestion would be very useful, and we intend to do so.

ARIN currently has a similar open suggestion to support HTTPS for 
WHOIS-RWS (numbered 2014.4). Our comments stated for this earlier 
suggestion apply to both the earlier suggestion and your newly submitted 
suggestion. Here is the text from our response to the earlier suggestion:

Thank you for your suggestion, numbered 2014.4 upon receipt and 
confirmation, requesting https support for Whois-RWS. ARIN agrees that 
this would be a very useful, in fact we previously attempted to provide 
a https solution approximately two years ago. We were unable to complete 
the effort due to the operational issues described below. In deploying 
new services for Whois-RWS, ARIN has three requirements.

1) Whois-RWS is fronted by load balancers. 2) The load balancers must 
support ssl-offloading for effective throughput. 3) We must have both 
IPv4 and IPv6 capability for any existing or new public service.

Unfortunately, we have found that our existing load balancers do not 
support IPv6 adequately and become unreliable when the ssl-offloading 
feature is enabled. Despite promises made by our vendor following 
multiple requests that fix their systems to enable feature parity 
between IPv4 and IPv6, they have indicated that they will not support 
these features in a timely manner. Therefore, ARIN is in the process of 
replacing these load balancers with a vendor who can deliver IPv6 
capability. We hope to have the new load balancers deployed in Q4 of 
this year, which will permit us to enable https support for Whois-RWS by 
Q1 of 2015.

Our implementation for this new suggestion also requires the replacement 
of our current load balancers to ones that reliably support both IPv6 
and SSL-offloading. This work is currently underway and its completion 
will allow ARIN to implement solutions in response to suggestion 2014.4 
and 2014.29.

Thank you again for your suggestion; it will remain open until this work 
is completed.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-suggestions/attachments/20141205/9fc58256/attachment.html>