<html>
  <head>
    <meta http-equiv="content-type" content="text/html;
      charset=windows-1252">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <p class="MsoNormal" style="margin: 6pt 0in; line-height: 18pt;
      background: none repeat scroll 0% 0% white;"><span
        style="font-family:Helvetica;mso-fareast-font-family:
        "Times New Roman";mso-bidi-font-family:"Times New
        Roman"">ARIN has issued its final response to ACSP
        Suggestion 2015.2. The suggestion and response text are provided
        below. This suggestion is now closed and is available at: </span><span
        style="font-family: Times;"></span><span
        style="font-family:Times;mso-fareast-font-family:"Times New
        Roman";mso-bidi-font-family: "Times New Roman""></span><span
        style="font-family: Helvetica;"><br>
      </span></p>
    <p class="MsoNormal"
      style="margin-top:6.0pt;margin-right:0in;margin-bottom:6.0pt;
      margin-left:0in;line-height:18.0pt;background:white"><span
        style="font-family:Helvetica;mso-fareast-font-family:"Times
        New Roman"; mso-bidi-font-family:"Times New
        Roman""><a class="moz-txt-link-freetext" href="https://www.arin.net/participate/acsp/suggestions/2015-2.html">https://www.arin.net/participate/acsp/suggestions/2015-2.html</a></span><span
        style="font-family:Times;mso-fareast-font-family:"Times New
        Roman";mso-bidi-font-family: "Times New Roman""><br>
        <br>
      </span><span
        style="font-family:Helvetica;mso-fareast-font-family:"Times
        New Roman"; mso-bidi-font-family:"Times New
        Roman"">Regards,</span><span style="font-family:
        Times;mso-fareast-font-family:"Times New
        Roman";mso-bidi-font-family:"Times New Roman""><br>
        <br>
      </span><span
        style="font-family:Helvetica;mso-fareast-font-family:"Times
        New Roman"; mso-bidi-font-family:"Times New
        Roman"">Communications and Member Services</span><span
        style="font-family:Times;mso-fareast-font-family:"Times New
        Roman";mso-bidi-font-family: "Times New Roman""><br>
      </span><span
        style="font-family:Helvetica;mso-fareast-font-family:"Times
        New Roman"; mso-bidi-font-family:"Times New
        Roman"">American Registry for Internet Numbers (ARIN)</span><span
        style="font-family:Times;mso-fareast-font-family:"Times New
        Roman"; mso-bidi-font-family:"Times New Roman""><br>
        <br>
      </span><span
        style="font-family:Helvetica;mso-fareast-font-family:"Times
        New Roman"; mso-bidi-font-family:"Times New
        Roman"">***</span><span style="font-family:
        Times;mso-fareast-font-family:"Times New
        Roman";mso-bidi-font-family:"Times New Roman""><o:p></o:p></span><b><span
          style="font-family: Helvetica;mso-bidi-font-family:"Times
          New Roman";color:black"><br>
          Suggestion: </span></b><span
        style="font-family:Arial;mso-bidi-font-family:"Times New
        Roman";color:black"><o:p></o:p></span></p>
    Description: Support HSTS where technically feasible.<br>
    <br>
    Submitter has noticed that <a class="moz-txt-link-abbreviated" href="http://www.arin.net">www.arin.net</a> has for some time been
    https-only, with attempts to connect via http issued a 301 redirect
    to the https site.<br>
    <br>
    An improvement upon this practice would be to support HTTP Strict
    Transport Security (RFC 6797). At a high level, HSTS informs capable
    browsers [*] via an additional header in each HTTPS session that for
    a certain period of time (typically months to one year) they should
    never try to connect to the site via unencrypted HTTP. This is an
    additional layer of protection against man in the middle attacks.<br>
    <br>
    [*] At this writing, HSTS is widely supported (Chrome, Firefox,
    Opera, Safari, and upcoming in IE for Windows 10).<br>
    <br>
    Value to Community: Increased protection against spoofing/MITM
    attacks<span style="font-family:
      Helvetica;mso-bidi-font-family:"Times New
      Roman";color:black"></span><span
      style="font-family:Arial;mso-bidi-font-family:"Times New
      Roman";color:black"><o:p></o:p></span>
    <p class="MsoNormal"
      style="margin-top:6.0pt;margin-right:0in;margin-bottom:6.0pt;
      margin-left:0in;line-height:18.0pt;background:white"><b><span
          style="font-family: Helvetica;mso-bidi-font-family:"Times
          New Roman";color:black">Response:</span></b><span
        style="font-family:Arial;mso-bidi-font-family:"Times New
        Roman";color:black"><o:p></o:p></span></p>
    12 February 2015<br>
    <br>
    Thank you for submitting your suggestion, numbered 2015.2, on the
    topic of HSTS support for the ARIN website.<br>
    <br>
    We will explore HSTS support to our website. Provided there are no
    adverse effects in testing, we will be rolling this improvement out
    within the next 60 days. Thank you again for suggesting this
    improvement. This ACSP item will remain open until the work is
    completed.<br>
    <br>
    22 April 2015<br>
    <br>
    HSTS functionality was successfully deployed on both our production
    and OT&E servers on April 20. This suggestion is now closed.<br>
    <br>
    <span style="font-family:Helvetica; mso-bidi-font-family:"Times
      New Roman";color:black"></span>
  </body>
</html>