[regext] FW: New Version Notification for draft-gould-regext-login-security-00.txt

"Gould, James" <jgould@verisign.com> Mon, 04 June 2018 20:30 UTC

From: "Gould, James" <jgould@verisign.com>
To: Registration Protocols Extensions <regext@ietf.org>
Date: Mon, 04 Jun 2018 20:30:20 +0000
Message-ID: <61D9AB58-FF73-4642-9F01-01E1808E08BC@verisign.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/Og6a9KevDN3aB8PR1ZNfBtIuwnQ>

The Login Security Extension (draft-gould-regext-login-security) was posted (https://datatracker.ietf.org/doc/draft-gould-regext-login-security/) that enhances the security of the EPP sessions with the following:

  1.  Support for passwords (current and new) beyond the RFC 5730 limit of 16 characters in an extension to the login command;
  2.  Support for the server to return security warnings and errors in an extension to the login response (password expiry, certificate expiry, insecure cipher, insecure TLS, failed login statistics, etc.);
  3.  Support the optional passing of the client’s user agent in an extension to the login command for the server to identify functional or security constraints, current security issues, and potential future functional or security issues for the client.

Please review and provide any feedback privately or on the list.  I would like a slot in the REGEXT WG meeting to introduce and discuss this new extension.

Thanks,

—
JG

James Gould
Distinguished Engineer
jgould@Verisign.com

703-948-3271
12061 Bluemont Way
Reston, VA 20190

Verisign.com <http://verisigninc.com/>

On 6/4/18, 4:18 PM, "internet-drafts@ietf.org" <internet-drafts@ietf.org> wrote:

    A new version of I-D, draft-gould-regext-login-security-00.txt
    has been successfully submitted by James Gould and posted to the
    IETF repository.

    Name:           draft-gould-regext-login-security
    Revision:       00
    Title:          Login Security Extension for the Extensible Provisioning Protocol (EPP)
    Document date:  2018-06-04
    Group:          Individual Submission
    Pages:          18
    URL:            https://www.ietf.org/internet-drafts/draft-gould-regext-login-security-00.txt
    Status:         https://datatracker.ietf.org/doc/draft-gould-regext-login-security/
    Htmlized:       https://tools.ietf.org/html/draft-gould-regext-login-security-00
    Htmlized:       https://datatracker.ietf.org/doc/html/draft-gould-regext-login-security

    Abstract:
       The Extensible Provisioning Protocol (EPP) includes a client
       authentication scheme that is based on a user identifier and
       password.  The structure of the password field is defined by an XML
       Schema data type that specifies minimum and maximum password length
       values, but there are no other provisions for password management
       other than changing the password.  This document describes an EPP
       extension that allows longer passwords to be created and adds
       additional security features to the EPP login command and response.

    Please note that it may take a couple of minutes from the time of submission
    until the htmlized version and diff are available at tools.ietf.org.

    The IETF Secretariat