IRR Upgrade Completed

Posted: Thu, 29 September 2011

On 29 September 2011, ARIN updated its Internet Routing Registry System (IRR) to support PGP and MD5 authentication, as well as notification fields, as suggested in ACSP 2011.1 and 2011.2.

Supported Authentication Methods

  • PGP is a strong form of authentication. The authentication information is a signature identity pointing to a public key certificate, which is stored in a separate key-cert object.
  • MD5 is based on the MD5 hash algorithm and provides stronger authentication than CRYPT-PW. The authentication information stored in the database is a passphrase encrypted using md5-crypt algorithm. This scheme is quite stable against dictionary attacks. However, since the encrypted form is exposed it cannot be considered as a strong form of authentication.
  • ARIN’s IRR continues to support MAIL-FROM authentication, though cautions that this is the weakest form of authentication. Regular expressions are no longer supported and your email address must match what is registered.

Notification Attributes

  • notify: The "notify:" attribute is an option in most object types. A notification is sent to the email addresses specified when the object is successfully updated.
  • mnt-nfy: The "mnt-nfy:" attribute is optional and can only be included in mntner objects. When a maintained object is updated successfully a notification message will be sent to email addresses contained in the "mnt-nfy:" attributes of the mntner objects.
  • upd-to: The "upd-to:" attributes is mandatory and can only be included in mntner objects. When an update to a maintained object fails the authentication, the notifications are sent to all the email addresses contained in the "upd-to:" attributes.

The ARIN Routing Registry is a database containing routing policy information for network operators within the ARIN service region.  ARIN's routing registry improves the ability of network operators to configure and manage their networks. Detailed information and documentation for the IRR is available at:

Please send any questions, comments, or issues to:

Mark Kosters
Chief Technology Officer
American Registry for Internet Numbers (ARIN)