IETF Logo Mail Archive

Re: [regext] FW: New Version Notification for draft-gould-regext-secure-authinfo-transfer-00.txt

Jody Kolker <jkolker@godaddy.com> Fri, 26 July 2019 15:23 UTC

Return-Path: <jkolker@godaddy.com>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D358512003E for <regext@ietfa.amsl.com>; Fri, 26 Jul 2019 08:23:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=secureservernet.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JspznmRgctQE for <regext@ietfa.amsl.com>; Fri, 26 Jul 2019 08:23:23 -0700 (PDT)
Received: from NAM03-CO1-obe.outbound.protection.outlook.com (mail-eopbgr790111.outbound.protection.outlook.com [40.107.79.111]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BA94E120077 for <regext@ietf.org>; Fri, 26 Jul 2019 08:23:15 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=brtONj0geZYYm337TlZHaPbQSArRhmV/ADEYXDtelvroZnb4jmTgc7KK8at1snoBnayWrTs0sMmhFkYVCLwDyfrol5zafxpKX38Jag4QsE88cNRWiHrdPpDI26+yk3hAatslpehQOjrUAayWcKTgtA38zEFxHr0cYVFagQQe2zkia2Bo3iSp7W0nioPABxHASbrtk76D0jGGb9eW0hNZEbeu1ZXCL6/w5A5QrfpbI/FaNPxbhEQTmq9/odjHewho8iH9zdc+m76i8agVzGrui1tLBB0HFNAuG/qTUd1hgRqsnJiw5iL9b9CbOFlOgDglbXTdAxp6ztZgA1hf+GQlcg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=sW8Kvqt7yjCZFfJE3M2USUdkaVLe6ZMad/umOrynX20=; b=i9JOZ9rYkFMVemcmR8wREPRs8rWZrCqGKvRlVvkLIu8E1T3F1nWuP8bypwakxM6JWY9vHA7xkDsjqgZIL3Hqya0qZ2HudXwWIIC8riY7HJRliF68bDsaCNHCeYPK3jJ3w6R1862cxUOoL2pBjv5hyKTym7vpCiPB+0cfccdCvjUcg9eu4qXrB2m58La5PWhMARfKpHS4p+DKo2MVsW7mdpEPeQlO8SyS6vRL7HZ3M301LQzjK0D8LESVl8Jg/i+ZtIOnJ4eiPH186Opjp9B04o92P2bsptBfZXl8gFMTbCtD96GpgA3tR0zpQYoQNLwdvPHfFPzp08U0YGFH+z4wOw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1;spf=pass smtp.mailfrom=godaddy.com;dmarc=pass action=none header.from=godaddy.com;dkim=pass header.d=godaddy.com;arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=secureservernet.onmicrosoft.com; s=selector2-secureservernet-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=sW8Kvqt7yjCZFfJE3M2USUdkaVLe6ZMad/umOrynX20=; b=SdpzZ5uGXmBHLTCSObjeWWD2CjmSUyklgbyi09slK7CpILSN2L/k1NnUNucCe6x00KOOOsmMAx0+OZJV98Hh0buM9nyqcJ8Bd1vzz90NT1KP9d2zTqL31RBh4R5qjTUjaWLN1XcxbnjICGvGXzXWW8wfopQ6Kv/HTDBsm/i4EhE=
Received: from MWHPR02MB3230.namprd02.prod.outlook.com (10.164.133.155) by MWHPR02MB2798.namprd02.prod.outlook.com (10.175.50.146) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2094.17; Fri, 26 Jul 2019 15:23:13 +0000
Received: from MWHPR02MB3230.namprd02.prod.outlook.com ([fe80::4809:d45e:474d:3e5f]) by MWHPR02MB3230.namprd02.prod.outlook.com ([fe80::4809:d45e:474d:3e5f%4]) with mapi id 15.20.2115.005; Fri, 26 Jul 2019 15:23:13 +0000
From: Jody Kolker <jkolker@godaddy.com>
To: Patrick Mevzek <pm@dotandco.com>, "regext@ietf.org" <regext@ietf.org>
Thread-Topic: [regext] FW: New Version Notification for draft-gould-regext-secure-authinfo-transfer-00.txt
Thread-Index: AQHVQqxXi38l8irfoUu1Tt8/mWs+oabdA68w
Date: Fri, 26 Jul 2019 15:23:12 +0000
Message-ID: <MWHPR02MB3230A50F076B9B554AFE9BACBFC00@MWHPR02MB3230.namprd02.prod.outlook.com>
References: <2FE774F6-35D1-46B5-B403-2BA1CC8928B3@verisign.com> <9aad0040-20f6-480e-90d6-090ca91c18d3@www.fastmail.com> <4A0925CB-23A7-492C-83C8-36EB23F61A1F@verisign.com> <0119acdb-2ec9-4f14-b37a-d945e0b032b5@www.fastmail.com>
In-Reply-To: <0119acdb-2ec9-4f14-b37a-d945e0b032b5@www.fastmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=jkolker@godaddy.com;
x-originating-ip: [173.16.6.221]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 9aa3c1ca-c3e3-4d9b-4d72-08d711dd2ca2
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(4618075)(2017052603328)(7193020); SRVR:MWHPR02MB2798;
x-ms-traffictypediagnostic: MWHPR02MB2798:
x-ms-exchange-purlcount: 1
x-microsoft-antispam-prvs: <MWHPR02MB2798A6F90A70EF738D858A08BFC00@MWHPR02MB2798.namprd02.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 01106E96F6
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(4636009)(376002)(39860400002)(346002)(396003)(136003)(366004)(199004)(189003)(13464003)(15594002)(2501003)(110136005)(256004)(305945005)(18074004)(8936002)(74316002)(53546011)(6116002)(14444005)(33656002)(66946007)(86362001)(7736002)(68736007)(316002)(3846002)(71190400001)(478600001)(26005)(25786009)(11346002)(71200400001)(446003)(8676002)(66066001)(99286004)(66476007)(486006)(186003)(5660300002)(6506007)(52536014)(6436002)(66446008)(53936002)(55016002)(102836004)(64756008)(9686003)(6306002)(66556008)(2906002)(14454004)(7696005)(6246003)(76116006)(476003)(81156014)(229853002)(15650500001)(76176011)(81166006)(966005); DIR:OUT; SFP:1102; SCL:1; SRVR:MWHPR02MB2798; H:MWHPR02MB3230.namprd02.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: godaddy.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: 4bsBg8yhs01eUmQf9CLPG6Dh1J7NAJhVnckXeY5OJ+lV5YMwndVmbxFLxVf95xw6ereyyL2nTauYNY5FDvat5PcBitIRzvOrHp28E2b9rr67vwGyCQGiJQoTMRcSTdgv6hc7zJdEMXk47tfEPKFmfV7w5RJUKHPeVhHNljjMd22cEPokWmJ3QbEamfRpOF8flvbTxc57ew/vU67ARJJEGtppkCayGm3qXv0RYjKcbi0yqgTNlYMEdGQIugjFJ9ajaHrqbpYMPLZb7NJeRaKt6ODv60VzMPBikNyzBpog/695n6ymgoTj4p9Kn+t0u57Ir4Jc8IumlLTIWFodTRNAfQBgMvqUvyekXGkBk6n7eG+8lgJHtX1A7cXrBa2cokkibYJlHt6nlYVp/+6BMhzLwaFgIyzceRPvPzC19qRKe2g=
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: godaddy.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 9aa3c1ca-c3e3-4d9b-4d72-08d711dd2ca2
X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Jul 2019 15:23:12.9144 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: d5f1622b-14a3-45a6-b069-003f8dc4851f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: jkolker@godaddy.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR02MB2798
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/tlwKC8wo5ySmufirUuXXYBFcAqw>
Subject: Re: [regext] FW: New Version Notification for draft-gould-regext-secure-authinfo-transfer-00.txt
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Jul 2019 15:23:27 -0000

Regarding the drafts position of "the authorization information .... MUST NOT be stored by the registrar." 

I agree that registrars will need the ability to store the password for a request to transfer in a domain in some situations (bulk transfers, network outages, registry maintence etc.).  There simply is no way around not storing the password to handle every situation.

As far as where this draft should be, I consider it only to be a best practice draft, not anything that will significantly change EPP.  I would love to have some type of standard for transferring domains or at least some type of communality between all of the TLDs, but I believe that will be a pipe dream.  Every TLD operator will believe they have the "best" transfer implementation.

If we could at least start with a discussion, maybe we could get to similar transfer process for most TLDs.

Would be curious to hear from other registrars and registrys on this topic.

Thanks,
Jody Kolker

-----Original Message-----
From: regext <regext-bounces@ietf.org> On Behalf Of Patrick Mevzek
Sent: Thursday, July 25, 2019 12:46 AM
To: regext@ietf.org
Subject: Re: [regext] FW: New Version Notification for draft-gould-regext-secure-authinfo-transfer-00.txt

Notice: This email is from an external sender.



Hello James,

On Mon, Jul 8, 2019, at 14:16, Gould, James wrote:
> JG - The draft is a Best Current Practice (BCP) per RFC 2026, and not 
> a standards track draft.  The draft describes how to leverage the 
> existing EPP RFCs for addressing the security of the authorization 
> information value for transfers.  EPP can have protocol extensions 
> defined as informational and standards track drafts, as well as 
> operational practices defined as BCP drafts.  There are many examples 
> of IETF BCPs.  This topic is very applicable to the IETF and the 
> REGEXT working group in particular.

I will remain in disagreement here (mandating how registries should store passwords or choose them regarding length and complexity is certainly a bigger issue than just EPP and has nothing to do regarding how EPP works as an exchange protocol between 2 entities), so I will only reply briefly as my contributions will not help whatsoever building this draft and try to refrain from participating in any future LC regarding this draft.

I would also suggest or offer the idea that various points in the draft (like "the authorization information .... MUST NOT be stored by the registrar.") do not align (which means: will never happen) with various registrars policies or architectures.
That one for example shows itself in later parts:
   5.  Gaining registrar optionally verifies the authorization
       information with the info command to the registry, as defined in
       Section 4.3.
   6.  Gaining registrar sends the transfer request with the
       authorization information to the registry, as defined in
       Section 4.4.

Since both actions have no guarantee to happen back to back and immediately (nor to be done by the same subsystems, from the same EPP client, throught the same EPP connection), the registrar MUST store the authorization somewhere.
Think about connection issues or delayed payment (wish to check authorization information even before taking the payment and starting the transfer), etc.

As is, this document will create interoperability problems in part because it does not even define an extension visible at greeting.
Without that, how could an EPP client know if the server follows point 4.1 for example, which is even more troublesome because of its MAY?
Without a clear indication, a client can continue sending a password, and see its domain:create command be rejected, without even knowing why (error reporting is not something  sufficiently standardized and stable across all registries for a client to base itself on).

>     Things like that:
>
>     > The operational practice will not require the client
>     >       to store the authorization information and will require the
>     >       server to store the authorization information using a
>     >       cryptographic hash.
>
>     How the password is stored and handled at the registry is completely
>     out of EPP scope. It could as well be symmetrically encrypted, and I fail
>     to see even how this can be enforceable (how will you verify remotely
>     how the registry stores the password?), as it is not protocol related.
>
> JG - Why would the storage and handling of the authorization 
> information be out of EPP scope?

Imagine a registry storing passwords as plain text and another storing it encrypted through some clever mechanism deriving the key from other registrars data (like its EPP password, that one never being needed to echo back, so could be stored as an hash).

What does that change for EPP?
Absolutely nothing.

> Do you agree that a cryptographic
> hash is more secure than using an encrypted value?

Irrelevant to EPP. The EPP schema clearly mandates for the passwords (both login and authInfo) to be exchanged in clear text (encapsulated in TLS of course).
One can see now that things should be done differently, and I could agree there.
But this has no relationship with how the registry stores it.

> JG - It's not meant to take into account all cases that exist today,

That will then remain a big problem for me, as an implementer.

>     So in my views the current password based model per domain has died,
>     and other solutions have to be searched for. Maybe there is space to pursue
>     in solutions around OTP frameworks.
>
> JG - You may want to take a stab at defining an alternative mechanism.
> I believe that EPP does not need to be extended to make the 
> authorization information secure for transfers.

Aside, remember that the current EPP schema already allows for authorization to happen, not only by providing the domain authInfo but instead the authInfo of a related contact (and its ROID to be able to pinpoint it).

And I seem to remember at least one registry to allow that. So definitively rare but not 0 either.

> Any ideas that you have to improve it would be greatly appreciated.

Maybe, but for me this work is not a good fit inside this working group or even the IETF. It may be a better fit for some ICANN groups, in order to deliver some "consensus policies" document (but remembering also at the same time that there is a world outside of gTLDs....). In my view the whole process around transfers (and not just talking here about the EPP transfer command) should be reviewed and reworked.

--
  Patrick Mevzek
  pm@dotandco.com

_______________________________________________
regext mailing list
regext@ietf.org
https://www.ietf.org/mailman/listinfo/regext

v2.23.0 | Report a Bug | By Email