ACSP Suggestion 2014.29: Enable SSL Support for whois.arin.net

Suggestion

Author: Gaige Paulsen   
Submitted On: 20 November 2014

Description:

SSL support for whois.arin.net (the web site) to fix security warnings when initiating Whois searches from ARIN.NET.

It seems out-of-character with the importance of this site on the internet that whois.arin.net is http:// instead of https://, thus resulting in a security warning if somebody initiates a whois from the SEARCH Whois box on the main ARIN home page.

Value to Community: TRUST of users who use the ARIN.NET website to find out essential information about the responsible parties for ARIN-distributed resources.

Timeframe: Immediate

Status: Closed   Updated: 14 September 2015

Tracking Information

ARIN Comment

05 December 2014

Thank you for submitting your suggestion, numbered 2014.29, on the topic of enabling SSL support for whois.arin.net. ARIN agrees implementing your suggestion would be very useful, and we intend to do so.

ARIN currently has a similar open suggestion to support HTTPS for WHOIS-RWS (numbered 2014.4). Our comments stated for this earlier suggestion apply to both the earlier suggestion and your newly submitted suggestion. Here is the text from our response to the earlier suggestion:

Thank you for your suggestion, numbered 2014.4 upon receipt and confirmation, requesting https support for Whois-RWS. ARIN agrees that this would be a very useful, in fact we previously attempted to provide a https solution approximately two years ago. We were unable to complete the effort due to the operational issues described below. In deploying new services for Whois-RWS, ARIN has three requirements.

  1. Whois-RWS is fronted by load balancers. 2) The load balancers must support ssl-offloading for effective throughput. 3) We must have both IPv4 and IPv6 capability for any existing or new public service.

Unfortunately, we have found that our existing load balancers do not support IPv6 adequately and become unreliable when the ssl-offloading feature is enabled. Despite promises made by our vendor following multiple requests that fix their systems to enable feature parity between IPv4 and IPv6, they have indicated that they will not support these features in a timely manner. Therefore, ARIN is in the process of replacing these load balancers with a vendor who can deliver IPv6 capability. We hope to have the new load balancers deployed in Q4 of this year, which will permit us to enable https support for Whois-RWS by Q1 of 2015.

Our implementation for this new suggestion also requires the replacement of our current load balancers to ones that reliably support both IPv6 and SSL-offloading. This work is currently underway and its completion will allow ARIN to implement solutions in response to suggestion 2014.4 and 2014.29.

Thank you again for your suggestion; it will remain open until this work is completed.

ARIN Comment

14 September 2015

Thank you for your suggestion, numbered 2014.29 upon confirmed receipt. On 12 September 2015, ARIN completed work to enable SSL support for whois.arin.net. Your suggestion has been completed and is now closed.