ARIN IRR Authentication (was: Re: AltDB?)

John Curran jcurran at arin.net
Sun Jan 30 10:13:28 CST 2011


On Jan 29, 2011, at 10:50 PM, Jeff Wheeler wrote:

> On Thu, Jan 27, 2011 at 10:00 PM, John Curran <jcurran at arin.net> wrote:
>> Based on the ARIN's IRR authentication thread a couple of weeks ago, there
>> were suggestions placed into ARIN's ACSP process for changes to ARIN's IRR
>> system. ARIN has looked at the integration issues involved and has scheduled
>> an upgrade to the IRR system that will accept PGP and CRYPT-PW authentication
>> as well as implementing notification support for both the mnt-nfy and notify
>> fields by the end of August 2011.
> 
> I'm glad to see that a decision was made to improve the ARIN IRR,
> rather than stick to status-quo or abandon it.

Good to hear.

> However, this response
> is essentially what most folks I spoke with off-list imagined: You
> have an immediate operational security problem which could cause
> service impact to ARIN members and others relying on the ARIN IRR
> database, and fixing it by allowing passwords or PGP to be used is not
> very hard.

I appreciate your estimate of the effort required to address this 
problem, but we're not doing this as a completely separate system
but with the intention of having some level of integration with 
our existing ARIN Online system in the future.  While this may 
take more effort, and was not in our original 2011 budget, we 
have been able to add it to plan with development to begin later
in the year.

> As I have stated on this list, I believe ARIN is not organizationally
> capable of handling operational issues.  

You've asserted this belief in prior messages (as well as noting 
that "No one is forced to use ARIN IRR")  If the IRR does not meet
your needs during this period, I would recommend using one of the
many alternative routing registries available.  

In any case, I'd like to thank you again for raising the concern about 
lack of IRR authentication, as it was instrumental in bringing this 
matter to resolution.

Thanks!
/John

John Curran
President and CEO
ARIN








More information about the NANOG mailing list