[135863] in North American Network Operators' Group


Re: ARIN IRR Authentication (was: Re: AltDB?)

daemon@ATHENA.MIT.EDU (John Curran)
Sun Jan 30 11:14:36 2011

From: John Curran <jcurran@arin.net>
To: Jeff Wheeler <jsw@inconcepts.biz>
Date: Sun, 30 Jan 2011 16:13:28 +0000
In-Reply-To: <AANLkTimdaEOJ1LmFNc+fR6vHm83R=NmbQH8-=_+Jyd3B@mail.gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Jan 29, 2011, at 10:50 PM, Jeff Wheeler wrote:

> On Thu, Jan 27, 2011 at 10:00 PM, John Curran <jcurran@arin.net> wrote:
>> Based on the ARIN's IRR authentication thread a couple of weeks ago, there
>> were suggestions placed into ARIN's ACSP process for changes to ARIN's IRR
>> system. ARIN has looked at the integration issues involved and has scheduled
>> an upgrade to the IRR system that will accept PGP and CRYPT-PW authentication
>> as well as implementing notification support for both the mnt-nfy and notify
>> fields by the end of August 2011.
>
> I'm glad to see that a decision was made to improve the ARIN IRR,
> rather than stick to status-quo or abandon it.

Good to hear.

> However, this response
> is essentially what most folks I spoke with off-list imagined: You
> have an immediate operational security problem which could cause
> service impact to ARIN members and others relying on the ARIN IRR
> database, and fixing it by allowing passwords or PGP to be used is not
> very hard.

I appreciate your estimate of the effort required to address this
problem, but we're not doing this as a completely separate system
but with the intention of having some level of integration with
our existing ARIN Online system in the future.  While this may
take more effort, and was not in our original 2011 budget, we
have been able to add it to plan with development to begin later
in the year.

> As I have stated on this list, I believe ARIN is not organizationally
> capable of handling operational issues.

You've asserted this belief in prior messages (as well as noting
that "No one is forced to use ARIN IRR").  If the IRR does not meet
your needs during this period, I would recommend using one of the
many alternative routing registries available.

In any case, I'd like to thank you again for raising the concern about
lack of IRR authentication, as it was instrumental in bringing this
matter to resolution.

Thanks!
/John

John Curran
President and CEO
ARIN





