<html>
<head>
<meta http-equiv="content-type" content="text/html;
charset=windows-1252">
</head>
<body bgcolor="#ffffff" text="#000000">
<p class="MsoNormal">A new suggestion was received through the ACSP,
and was assigned number 2015.2 upon
receipt of confirmation.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">The text of the Suggestion is available at:
<a class="moz-txt-link-freetext" href="https://www.arin.net/participate/acsp/suggestions/2015-2.html">https://www.arin.net/participate/acsp/suggestions/2015-2.html</a></p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">ARIN will issue an initial response within 10
business days.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Regards,</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Communications and Member Services</p>
<p class="MsoNormal">American Registry for Internet Numbers (ARIN)</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">***<br>
<b>Suggestion:</b><br>
<br>
</p>
<p class="MsoNormal">Submitter has noticed that <a class="moz-txt-link-abbreviated" href="http://www.arin.net">www.arin.net</a> has for
some time been https-only, with attempts to connect via http
issued a 301 redirect to the https site.<br>
<br>
An improvement upon this practice would be to support HTTP Strict
Transport Security (RFC 6797). At a high level, HSTS informs
capable browsers [*] via an additional header in each HTTPS
session that for a certain period of time (typically months to one
year) they should never try to connect to the site via unencrypted
HTTP. This is an additional layer of protection against
man-in-the-middle attacks.<br>
<br>
[*] At this writing, HSTS is widely supported (Chrome, Firefox,
Opera, Safari, and upcoming in IE for Windows 10).<br>
<br>
Value to Community: Increased protection against spoofing/MITM
attacks<br>
</p>
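<p class="MsoNormal">The browser behaviour the suggestion describes, as an added example that is not part of the original message or of ARIN's own code: a Python model of how an RFC 6797 client parses the Strict-Transport-Security header and decides whether a later plain-HTTP request must be upgraded. The names parse_hsts and HstsStore, the simplified token set and the host example.net are assumptions made for illustration.</p>
<pre>
```python
import re

# Simplified token: a subset of the RFC 7230 tchar set (assumption for brevity).
TOKEN = re.compile(r"[A-Za-z0-9!#$%'*+.^_|~-]+")

def parse_hsts(value):
    """Return {'max_age': int, 'include_subdomains': bool}, or None when a
    client following RFC 6797 section 6.1 would ignore the whole header."""
    seen = {}
    for part in value.split(";"):    # a ';' inside a quoted-string fails below
        part = part.strip()
        if not part:                 # empty directives are allowed by the grammar
            continue
        name, eq, val = part.partition("=")
        name, val = name.strip().lower(), val.strip()   # names are case-insensitive
        if len(val) >= 2 and val[0] == '"' and val[-1] == '"':
            val = val[1:-1]          # quoted-string form, e.g. max-age="31536000"
        elif eq and not TOKEN.fullmatch(val):
            return None
        if not TOKEN.fullmatch(name) or name in seen:
            return None              # malformed or repeated directive
        seen[name] = val if eq else None
    max_age = seen.get("max-age")
    if max_age is None or not re.fullmatch(r"[0-9]+", max_age):
        return None                  # max-age is required, in whole seconds
    return {"max_age": int(max_age), "include_subdomains": "includesubdomains" in seen}

class HstsStore:
    """Minimal model of a browser's list of known HSTS hosts."""
    def __init__(self):
        self.hosts = {}              # host: (expiry time, include_subdomains)

    def note_response(self, scheme, host, header, now):
        # The header is honoured only when it arrived over HTTPS.
        policy = parse_hsts(header) if scheme == "https" else None
        if policy is None:
            return
        if policy["max_age"] == 0:   # max-age=0 tells the client to forget the host
            self.hosts.pop(host.lower(), None)
        else:
            self.hosts[host.lower()] = (now + policy["max_age"], policy["include_subdomains"])

    def upgrade(self, host, now):
        """True if an http:// request to host must be sent over https:// instead."""
        labels = host.lower().split(".")
        for i in range(len(labels)):                 # exact host, then parent domains
            entry = self.hosts.get(".".join(labels[i:]))
            if entry and entry[0] > now and (i == 0 or entry[1]):
                return True
        return False
```
</pre>
<p class="MsoNormal">Until the first HTTPS response carrying the header has been seen, upgrade() returns False, so the existing 301 redirect is still what protects a first visit.</p>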
</body>
</html>