[ARIN-Suggestions] New ACSP Suggestion 2015.2: SUPPORT HSTS WHERE TECHNICALLY FEASIBLE
info at arin.net
Fri Jan 30 12:18:49 EST 2015
A new suggestion was received through the ACSP, and was assigned
number 2015.2 upon receipt of confirmation.
The text of the Suggestion is available at:
ARIN will issue an initial response within 10 business days.
Communications and Member Services
American Registry for Internet Numbers (ARIN)
Submitter has noticed that www.arin.net has for some time been
https-only, with attempts to connect via http issued a 301 redirect to
the https site.
An improvement upon this practice would be to support HTTP Strict
Transport Security (RFC 6797). At a high level, HSTS informs capable
browsers [*] via an additional header in each HTTPS session that for a
certain period of time (typically months to one year) they should never
try to connect to the site via unencrypted HTTP. This is an additional
layer of protection against man in the middle attacks.
[*] At this writing, HSTS is widely supported (Chrome, Firefox, Opera,
Safari, and upcoming in IE for Windows 10).
Value to Community: Increased protection against spoofing/MITM attacks