[ARIN-Suggestions] Response to ACSP 2021.3: Provide Certificate Transparency for RPKI and Closing of ACSP 2015.15: Improvements to SSL Security for whois.arin.net

[ARIN]

On 23 February, we issued our response to ACSP 2021.3, which was received on 17 February:

Thank you for your suggestion, numbered 2021.3 on confirmed receipt, asking that we provide certificate transparency for RPKI. We agree this is a beneficial improvement and will prioritize it for future implementation.

Thank you for participating in the ARIN Consultation and Suggestion Process. Your suggestion will remain open until implemented.

The full text of the suggestion is available below and at:

https://www.arin.net/participate/community/acsp/suggestions/2021/2021-3/

Description: ARIN should publish immutable logs about the existence of RPKI certificates as they are issued or revoked, in a manner that allows anyone to audit certificate authority (CA) activity and notice the issuance of suspect certificates as well as to audit the certificate logs themselves.

Value to Community: ARIN already has gone a long way to maximize the trustworthiness of the Trust Anchor by offering a hosted RPKI environment anchored on non-repudiation. A next step is to enable anyone to audit the ARIN TA in the form of a practice known as “Certificate Transparency”.

Timeframe: Not specified

On 23 February, we also closed ACSP 2015.15: Improvements to SSL Security for whois.arin.net with the following response:

Thank you for your suggestion, numbered 2015.15 on confirmed receipt, asking that ARIN remove support for weak Diffie-Hellman (DH) key exchange parameters. We have completed this work with our most recent system update. Because this work has been completed, we are closing your suggestion. Thank you for your participation in the ARIN Consultation and Suggestion Process.

The full text of the suggestion is available here: https://www.arin.net/participate/community/acsp/suggestions/2015/2015-15/

Regards,
The American Registry for Internet Numbers (ARIN)