Upcoming operational changes to ARIN services (was: Fwd: [arin-announce] Reminder--Upcoming Security Improvements and Change to RDAP URL)

[John Curran <jcurran () arin net>]

Folks –

Please note upcoming TLS 1.1 deprecation and RDAP URL changes – if you need to update your systems, please start this 
process sufficiently early to avoid impacts.

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers


Begin forwarded message:

From: ARIN <info () arin net<mailto:info () arin net>>
Subject: [arin-announce] Reminder--Upcoming Security Improvements and Change to RDAP URL
Date: 20 January 2021 at 10:09:03 AM EST
To: "arin-announce () arin net<mailto:arin-announce () arin net>" <arin-announce () arin net<mailto:arin-announce () 
arin net>>

This announcement is to remind you of previously-announced changes that ARIN is making, including the following:

- security improvements for Whois-RWS, RDAP, and www.arin.net<http://www.arin.net>, scheduled for on or about 19 
February 2021
- change of address to the Registration Data Access Protocol (RDAP) bootstrap server, scheduled for on or about 30 June 
2021

More information is provided in this announcement.

*Security Improvements for WhoWhois-RWS, RDAP, and www.arin.net<http://www.arin.net>*

As announced on 22 October 2020 and 2 December 2020, upcoming security improvements for Whois-RWS, RDAP, and 
www.arin.net<http://www.arin.net> are scheduled to be completed on or around 19 February 2021. The following 
information is from the previous announcement:

Earlier this year, ARIN implemented security enhancements that included ending support for TLS 1.0 for Whois-RWS and 
RDAP services and improving ciphers used in www.arin.net<http://www.arin.net>. As part of our continuing effort to 
improve security, on or around 19 February 2021, we will end support for TLS 1.1 and weak Diffie-Hellman (DH) key 
exchange parameters on www.arin.net<http://www.arin.net>, Whois-RWS, and RDAP. We will also update the ciphers 
available on Whois-RWS and RDAP to match those on www and reg.arin.net<http://reg.arin.net>. The removal of TLS 1.1 may 
impact the way you interface programmatically with ARIN to query and retrieve information from Whois-RWS and RDAP.

Changes in our supported versions of TLS are due to well-known security issues with this protocol. More information is 
available at https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/  . ARIN continues to support TLS 
1.2. The cipher update satisfies ACSP Suggestion 2015.15: Improvements to SSL Security for 
whois.arin.net<http://whois.arin.net>.

We are providing you advance notice of these changes, as you may need to make configuration or code changes on your 
clients that interface with Whois-RWS and RDAP services. We encourage you to make these changes so you will have no 
operational impact when we disable the vulnerable transport protocol version.

*RDAP Bootstrap Server Change of Address*

As announced on 21 November 2020 and 16 December 2020, the ARIN Registration Data Access Protocol (RDAP) Bootstrap 
server address is changing. The following information is from the previous announcement:

ARIN is changing the address of our Registration Data Access Protocol (RDAP) bootstrap server from 
https://rdap.arin.net/bootstrap to https://rdap-bootstrap.arin.net/bootstrap. A bootstrap server is used to forward 
queries from users seeking registration data for Internet resources to another server that can provide more detailed 
registration information about that resource. The address of the bootstrap server is used in the “query URL” sent from 
a client application or entered into a command-line query by a user.

ARIN has set up a redirect to automatically route queries from the old URL to the new URL when support for the old URL 
is ended. The old URL will be retired on 30 June 2021, and the redirect will be active. However, it is important to 
note we can’t guarantee the redirect will be respected by all clients. In order to avoid any problems, queries should 
be changed to use the new URL, https://rdap-bootstrap.arin.net/bootstrap, as soon as possible.

More information about how the bootstrap URL works and this upcoming change can be found on TeamARIN at 
https://teamarin.net/2020/12/11/buckle-up-change-of-address-coming-for-arins-bootstrap-server/. If you have questions 
or comments about this change, please submit an Ask ARIN ticket using your ARIN Online account, or contact the 
Registration Services Help Desk by phone Monday through Friday, 7:00 AM to 7:00 PM ET at +1.703.227.0660.

Regards,

Mark Kosters
Chief Technology Officer
American Registry for Internet Numbers (ARIN)


_______________________________________________
ARIN-Announce
You are receiving this message because you are subscribed to
the ARIN Announce Mailing List (ARIN-announce () arin net<mailto:ARIN-announce () arin net>).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-announce
Please contact info () arin net if you experience any issues.