ARIN DBWG Tim Christensen


Presentation Transcript


  1. Authentication Update ARIN DBWG Tim Christensen

  2. Overview • Mandate for change • Applying authentication to processes • Choosing the first method • Make it happen • Next steps

  3. Why Change, Why Now? • Community has made it clear that mail-from authentication is inadequate and wants better options • Stewardship principles dictate that ARIN move away from loose security • Release of new database clears path for forward progress

  4. Applying Better Authentication Identify use cases for authentication mechanisms: What processes benefit from stronger authentication? • Inbound templates and requests • Outbound mail • Outbound files • Web publishing • Web transactions

  5. Approach • Community has asked for spectrum of authentication choices • Password (md5-pw, des, etc.) • PGP • X.509 • Implement one at a time, evaluate, and repeat • Consider mail-from deprecation after evaluating adoption progress

  6. Authentication Deployment Precepts • Phased, opt-in adoption • Permit multiple authentication methods • Prohibit a POC’s use of mail-from when an “improved” authentication method is selected by a POC

  7. Choosing the First Authentication Method • Investigate other RIRs’ implementations • APNIC – using userid/password, PGP, and X.509; running Certificate Authority (CA) • LACNIC – using userid/passphrase • RIPE NCC – using password and PGP

  8. Choosing the First Authentication Method • Community input – public policy mtgs. • Certificates “good” • When implementing PGP don’t use public key servers • Engineering evaluation • Applicability to processes • Strength of security • Coordination with other ongoing eng efforts • Other RIR implementations

  9. The choice: X.509 First • Permits application of secure authentication to widest array of processes: • Can protect (authenticate and encrypt) email templates • Can authenticate web transactions • Can authenticate data produced by ARIN • Provides best combination of: • Control • Security • Utility

  10. How X.509 Adopters Get Tighter Authentication • POC generates Certificate Signing Request (CSR) • POC sends CSR in a new template to ARIN • ARIN verifies CSR contents • ARIN generates certificate, updates database, and returns it to POC • POC uses certificate to sign templates • ARIN authenticates templates submitted by that POC • POC maintains authentication certificate (“rollover”)

  11. Getting There • Identify process touch points • Registration template processing (email) • Non-template email communication • Online processing (future) • Establish test bed • Propose process changes • CSR processing • Running the ARIN Certificate Authority (CA) • Signed template acceptance & rejection • Response to authentication failure

  12. Timeline

  13. Timeline • Establish requirements and prerequisites

  14. Timeline • Establish requirements and prerequisites • Accomplish prerequisites

  15. Timeline • Establish requirements and prerequisites • Accomplish prerequisites • Explore options

  16. Timeline • Establish requirements and prerequisites • Accomplish prerequisites • Explore options • Understand existing RIR implementations

  17. Timeline • Establish requirements and prerequisites • Accomplish prerequisites • Explore options • Understand existing RIR implementations • Identify use cases & touch points

  18. Timeline • Establish requirements and prerequisites • Accomplish prerequisites • Explore options • Understand existing RIR implementations • Identify use cases & touch points • Establish test bed

  19. Timeline • Establish requirements and prerequisites • Accomplish prerequisites • Explore options • Understand existing RIR implementations • Identify use cases & touch points • Establish test bed • Choose first deployment method

  20. Timeline • Establish requirements and prerequisites • Accomplish prerequisites • Explore options • Understand existing RIR implementations • Identify use cases & touch points • Establish test bed • Choose first deployment method • Develop process changes: POC-Auth Template; procedural changes; systematic changes

  21. Timeline • Establish requirements and prerequisites • Accomplish prerequisites • Explore options • Understand existing RIR implementations • Identify use cases & touch points • Establish test bed • Choose first deployment method • Develop process changes • Form beta community and test: Interested? beta@arin.net; perform beta training & testing; refine/respond to beta issues; training (internal/external)

  22. Timeline • Establish requirements and prerequisites • Accomplish prerequisites • Explore options • Understand existing RIR implementations • Identify use cases & touch points • Establish test bed • Choose first deployment method • Develop process changes • Form beta community and test • Deploy

  23. Timeline • Establish requirements and prerequisites • Accomplish prerequisites • Explore options • Understand existing RIR implementations • Identify use cases & touch points • Establish test bed • Choose first deployment method • Develop process changes • Form beta community and test • Deploy • Implement other methods

  24. Timeline • Establish requirements and prerequisites • Accomplish prerequisites • Explore options • Understand existing RIR implementations • Identify use cases & touch points • Establish test bed • Choose first deployment method • Develop process changes • Form beta community and test • Deploy • Implement other methods • Deprecate Mail-From?

  25. Thank You!
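
The CSR-to-signed-template exchange on slide 10, walked through with OpenSSL as an added example; it is not part of the original presentation and not ARIN's tooling. The S/MIME signing format, the stand-in CA, the handle EXAMPLE-POC, the network name NET-EXAMPLE-1 and the template fields are all assumptions constructed for illustration.

```shell
#!/bin/sh
# Added illustration of the slide 10 flow. Every name, file and value is constructed.
set -eu
W=$(mktemp -d)   # scratch directory for the constructed keys and messages

ca_setup() {     # ARIN side: stand-in CA key and self-signed root
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Example Test CA" \
    -keyout "$W/ca.key" -out "$W/ca.pem" 2>/dev/null
}
poc_csr() {      # POC side: key pair plus CSR naming a constructed POC handle
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=EXAMPLE-POC" \
    -keyout "$W/poc.key" -out "$W/poc.csr" 2>/dev/null
}
ca_issue() {     # ARIN side: verify the CSR contents, then issue the certificate
  # Match the "verify OK" text rather than trusting the exit status alone.
  openssl req -in "$W/poc.csr" -verify -noout 2>&1 | grep -q 'verify OK' || return 1
  openssl req -in "$W/poc.csr" -noout -subject | grep -q 'EXAMPLE-POC' || return 1
  openssl x509 -req -in "$W/poc.csr" -CA "$W/ca.pem" -CAkey "$W/ca.key" \
    -CAcreateserial -days 30 -out "$W/poc.pem" 2>/dev/null
}
sign_template() { # POC side: sign a constructed template as S/MIME (assumed format)
  printf 'POC-Handle: EXAMPLE-POC\nNetwork: NET-EXAMPLE-1\n' > "$W/template.txt"
  openssl smime -sign -text -in "$W/template.txt" -signer "$W/poc.pem" \
    -inkey "$W/poc.key" -out "$W/signed.eml" 2>/dev/null
}
fp() { openssl x509 -in "$1" -noout -fingerprint -sha256; }
arin_accepts() { # ARIN side: valid signature, chains to the CA, signer is the cert on record
  openssl smime -verify -in "$1" -CAfile "$W/ca.pem" -signer "$W/seen.pem" \
    -out /dev/null 2>/dev/null || return 1
  [ "$(fp "$W/seen.pem")" = "$(fp "$W/poc.pem")" ]
}

# Run the exchange, then alter one field of the signed template in transit.
ca_setup; poc_csr; ca_issue; sign_template
sed 's/NET-EXAMPLE-1/NET-EXAMPLE-2/' "$W/signed.eml" > "$W/tampered.eml"
for f in signed tampered; do
  if arin_accepts "$W/$f.eml"; then echo "$f: accepted"; else echo "$f: rejected"; fi
done
```

The fingerprint comparison in `arin_accepts` is what ties a template to "that POC": chaining to the CA alone would accept a template signed by any certificate the CA has issued.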
