[regext] I-D Action: draft-ietf-regext-secure-authinfo-transfer-05.txt
internet-drafts@ietf.org Mon, 04 January 2021 23:11 UTC
Return-Path: <internet-drafts@ietf.org>
X-Original-To: regext@ietf.org
Delivered-To: regext@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id AC0B33A0A1C; Mon, 4 Jan 2021 15:11:44 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
Cc: regext@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 7.24.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: regext@ietf.org
Message-ID: <160980190464.24957.11545666729815879550@ietfa.amsl.com>
Date: Mon, 04 Jan 2021 15:11:44 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/BtgvhW8vfhQWxU5a_GoZpm-NmdQ>
Subject: [regext] I-D Action: draft-ietf-regext-secure-authinfo-transfer-05.txt
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Jan 2021 23:11:45 -0000
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Registration Protocols Extensions WG of the IETF.
Title : Extensible Provisioning Protocol (EPP) Secure Authorization Information for Transfer
Authors : James Gould
Richard Wilhelm
Filename : draft-ietf-regext-secure-authinfo-transfer-05.txt
Pages : 28
Date : 2021-01-04
Abstract:
The Extensible Provisioning Protocol (EPP), in RFC 5730, defines the
use of authorization information to authorize a transfer. The
authorization information is object-specific and has been defined in
the EPP Domain Name Mapping, in RFC 5731, and the EPP Contact
Mapping, in RFC 5733, as password-based authorization information.
Other authorization mechanisms can be used, but in practice the
password-based authorization information has been used at the time of
object create, managed with the object update, and used to authorize
an object transfer request. What has not been fully considered is
the security of the authorization information that includes the
complexity of the authorization information, the time-to-live (TTL)
of the authorization information, and where and how the authorization
information is stored. This document defines an operational
practice, using the EPP RFCs, that leverages the use of strong random
authorization information values that are short-lived, that are not
stored by the client, and that are stored using a cryptographic hash
by the server to provide for secure authorization information used
for transfers.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-regext-secure-authinfo-transfer/
There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-regext-secure-authinfo-transfer-05.html
A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-regext-secure-authinfo-transfer-05
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
- [regext] I-D Action: draft-ietf-regext-secure-aut… internet-drafts