[regext] FW: I-D Action: draft-ietf-regext-secure-authinfo-transfer-04.txt
"Gould, James" <jgould@verisign.com> Wed, 21 October 2020 19:34 UTC
Return-Path: <jgould@verisign.com>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 997803A145C for <regext@ietfa.amsl.com>; Wed, 21 Oct 2020 12:34:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=verisign.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 028vMqzPgPd6 for <regext@ietfa.amsl.com>; Wed, 21 Oct 2020 12:34:50 -0700 (PDT)
Received: from mail1.verisign.com (mail1.verisign.com [72.13.63.30]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CA0BA3A12AF for <regext@ietf.org>; Wed, 21 Oct 2020 12:34:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=verisign.com; l=25145; q=dns/txt; s=VRSN; t=1603308874; h=from:to:subject:date:message-id:mime-version; bh=dh5PxV+99eHQ21a2CcC5SYDt33cZMKjEnUZeEYyEM7U=; b=U8n7MnjdOr7OTje9TZzTZBwa6JSqjCAehwoZVkDVU3aLlXiXNVAV4ATv iQMEJP5McEPW0664KBr2YxHvhkRGkQ4v0mawmCXUqcPlFNCF6X6m13yIW ZvrZiOS6wJ5qqGeW5zBw11a64QU7AsIYLI6YYCDQI1ZfzedWprDkJteaV WyBBlWKZ62nuQ1ys5mtNIn9wr0++vkweNnBOTcqURppJYA2CYzPVawQUA /T20U37rsxE1ppwIT+AfXfETPDKVG36EH4Ymxjblo5+X6w3wqfgcp7QuR fYIK1jtvPLuDweEYsPh/Q6bkvim4CyoaRfz0hn6lPWh3QhW1ftaOFhHUd w==;
IronPort-SDR: pgUfNrKwLOC2BJjJeb573I+CEIktaToGtsOyIgf+N9/9+hVMQVB9oqcyW6hZHT5THhgmrEv5CR Asc2pYK7iUBqfHub9ggBqhChlOKQ92mBc34K1uROCz7NRrXAP8HdD7HgIbjBSMqmDc5kStYz6V 1VZpiSJ/9NyHtw9Jv33qkbzQxTI1HmHbJaM38j+jUEyxHqT/ZTzbVUtOQ8xZSLfnMEBWBc4z/h vFP64kH/ZIcMKIzxwj4CX828uN2JgYNZz0rxBxJqcic6Z1tMaO1rEYgZHPe33CmjReQQ6dfiWx mAI=
X-IronPort-AV: E=Sophos;i="5.77,402,1596499200"; d="scan'208,217";a="3634373"
IronPort-PHdr: 9a23:CEKLchfbmO6V2YpQBt9XfEqllGMj4u6mDksu8pMizoh2WeGdxcW+YR7h7PlgxGXEQZ/co6odzbaP7Oa/BCdcu96oizMrSNR0TRgLiMEbzUQLIfWuLgnFFsPsdDEwB89YVVVorDmROElRH9viNRWJ+iXhpTEdFQ/iOgVrO+/7BpDdj9it1+C15pbffxhEiCCybL9vLhi6twfcu8kZjYZtNKo61wfErGZPd+lK321jOEidnwz75se+/Z5j9zpftvc8/MNeUqv0Yro1Q6VAADspL2466svrtQLeTQSU/XsTTn8WkhtTDAfb6hzxQ4r8vTH7tup53ymaINH2QLUpUjms86tnVBnlgzoBOjUk8m/Yl9Zwgbpbrhy/uhJ/34DaboKbO/p/YqzScsgXSnBdUsZUTSFNHpmxYokJAuEcPehYtY79p14WoBewBAesA/7vyjtViXPuwKY01/4uEQTY0ww7Ed4FrXPZrNf6NKcVTOC1yLTHwC7db/xIwzf96ZPIchEuofGKR75/bc3RyUw2Gg7Dk16fppDrMSmP2eQRr2iU8fBgVeS3hmAppQ9/ojehytssh4TJiY8YyFHJ+Cd3zYg1O9G1RkB2bcOmHZZeqy2XNYp7T8MsTW9ovCs31qEKtYKmcCYK1pgqwQPUZfKAc4iN+B3jVeCRLC9mhH17YrK/hg2y8Umvyu36V8m01kpFojBZndnLs3ABzwDc6smcSvRh+UetwyqA1wfW6u1cIEA7i7bbK5A7zr43jJoTvkLOFTL1lkXulKKaa1ko9vK15+nlbLjqvIKQOo96hw3kPakjntSzDfkkPgQUQmSW+/iw2Kf+8UD2Q7hGlOA6n6rfvZvHP8oUvLS5DBVQ0os77ha/CCqp38oAkHkcKVJFZAqHj4/0O1HSOPz4Demwg1CrkDpz2v3IIqXvDojNIXbbn7nufKpx51BGxAot0d9f4IhUCqkbLP3pR0D9rsLYDgUiMwyy2eroFNJ91oYGVWKOBK+WLr/SvEeV6u4zOeWAeY0YtTjnJ/Q45/Pjg2U1lFAZcKWx2JsYcnG4HvBoI0WDZnrsh88MEWUFvgo5UezqjECNXCVNZ3msRaI85yo7CIOpDYfFXIyinLuB3CKjEp1Mem9GEkyMEWvvd4icQfcDdi2SLdFukzwYTrWhSpEu1Q2gtAPgzLpnNOXUqWUkssepztV66v3PvRA/6TIyCN6SmSnZVWx7k3MUbz47wK45plZynASty6991rZ3EsFX67cBcA4/OIWWh7h4BNfvXg7pYNqTSU2nTdPgCjY0GIFii+QSalpwTo3xxivI2DCnVucY
X-IPAS-Result: A2GYBQCpjJBf/zGZrQoWBUIDglqBIYF3gTQKhDKVFpdvFyYLAQEBAQEBAQEBCAETDBAEAQEChEgZgWIRJjgTAgMBAQsBAQEFAQEBAQEGAwEBAQKGSgELgjciez0JPQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQUCCAc0GQc1EiAGI0sdAQguAQESAgQwGwEGBQQKCYMmAYF+i0KmeYEyhVeFCoE4AYZhhnKBQj6BESccgk0+glwCA4FEJAsKJgECBYJIM4IsBJNQhxEmi2CRGQMHgmqJBItZhhofgxaBKohjkgSCM44shQ2BfIcDEoFjlUACBAIEBQIVgWuBe3AVGiEqAYI+CUcXAg2OKhiDToUUhUJ0DicDAgYBCQEBAwmMBA8VgQ+BEQEB
Received: from BRN1WNEX01.vcorp.ad.vrsn.com (10.173.153.48) by BRN1WNEX02.vcorp.ad.vrsn.com (10.173.153.49) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2106.2; Wed, 21 Oct 2020 15:34:29 -0400
Received: from BRN1WNEX01.vcorp.ad.vrsn.com ([fe80::a89b:32d6:b967:337d]) by BRN1WNEX01.vcorp.ad.vrsn.com ([fe80::a89b:32d6:b967:337d%4]) with mapi id 15.01.2106.002; Wed, 21 Oct 2020 15:34:29 -0400
From: "Gould, James" <jgould@verisign.com>
To: "regext@ietf.org" <regext@ietf.org>
Thread-Topic: [regext] I-D Action: draft-ietf-regext-secure-authinfo-transfer-04.txt
Thread-Index: AQHWp+Exdg10hHOpj0+OywT7/NhjMA==
Date: Wed, 21 Oct 2020 19:34:29 +0000
Message-ID: <30C6B451-6B31-4AEC-8E24-07FEA050BAEB@verisign.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.41.20091302
x-originating-ip: [10.170.148.18]
Content-Type: multipart/alternative; boundary="_000_30C6B4516B314AEC8E2407FEA050BAEBverisigncom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/Vr6WKEMexOWzCBA2ITSOPIv4le0>
Subject: [regext] FW: I-D Action: draft-ietf-regext-secure-authinfo-transfer-04.txt
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Oct 2020 19:34:53 -0000
The WGLC for draft-ietf-regext-secure-authinfo-transfer ended on Friday, October 16th. The following are the changes included in draft-ietf-regext-secure-authinfo-transfer-04: 1. Converted from xml2rfc v2 to v3. 2. Updated Acknowledgements to match the approach taken by the RFC Editor with draft-ietf-regext-login-security. 3. Changed from Best Current Practice (BCP) to Standards Track based on mailing list discussion. Please review and provide feedback on anything missed. Thanks, -- JG James Gould Fellow Engineer jgould@Verisign.com <applewebdata://13890C55-AAE8-4BF3-A6CE-B4BA42740803/jgould@Verisign.com> 703-948-3271 12061 Bluemont Way Reston, VA 20190 Verisign.com <http://verisigninc.com/> On 10/21/20, 3:29 PM, "regext on behalf of internet-drafts@ietf.org" <regext-bounces@ietf.org on behalf of internet-drafts@ietf.org> wrote: A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Registration Protocols Extensions WG of the IETF. Title : Extensible Provisioning Protocol (EPP) Secure Authorization Information for Transfer Authors : James Gould Richard Wilhelm Filename : draft-ietf-regext-secure-authinfo-transfer-04.txt Pages : 28 Date : 2020-10-21 Abstract: The Extensible Provisioning Protocol (EPP), in RFC 5730, defines the use of authorization information to authorize a transfer. The authorization information is object-specific and has been defined in the EPP Domain Name Mapping, in RFC 5731, and the EPP Contact Mapping, in RFC 5733, as password-based authorization information. Other authorization mechanisms can be used, but in practice the password-based authorization information has been used at the time of object create, managed with the object update, and used to authorize an object transfer request. What has not been fully considered is the security of the authorization information that includes the complexity of the authorization information, the time-to-live (TTL) of the authorization information, and where and how the authorization information is stored. This document defines an operational practice, using the EPP RFCs, that leverages the use of strong random authorization information values that are short-lived, that are not stored by the client, and that are stored using a cryptographic hash by the server to provide for secure authorization information used for transfers. The IETF datatracker status page for this draft is: https://secure-web.cisco.com/1EgRjgku8x3Km5JfhgQuWfmGV6lwNhSwZOtZ2lDscdUkSS52HJ3sTfBo7_cMRE7DUiv_QgMaeIkQdUfaACitDc5RyhnI93rUeCJB2tFkZy_nWr-PfZAYj5vwXUNQh718p_1Pt5qyDX0hbDYTRl-yPzyhRPYGDCKPurQ-9eNdDWNl3n3yZLljD-qJTRlSDDCiWeCmd1DDJL-Nuy4RgUmhMfAJ4f016F6eVVugCeu2x-ywUMssOKMTinUQ3Z_2D6Wy39RKS3s0JJvNGgDuqkkHfvA/https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-ietf-regext-secure-authinfo-transfer%2F There is also an HTML version available at: https://secure-web.cisco.com/1g-oFG2Rb0q9OudOZLHcWqayl3iWcDsYYYKy_6mZX5TsIDTEMFbpB8B8L4mb9TWJ-vFrG2RHBB7bsYZ2z_-XKj-6BddfRt9vXlGSTzJx474CwTJvAVoCwjlVA8jxti_HkcFOeSzwKetNXaIhmsJZ2aPEe3VyhHqJJZGabO40l1olRshbuxP_OHRZbmpOqQ5xw55XgLktAb2HU4e2cnkdpaDV_OU13sILJk3y7ygn1ketFtPURul2FndhvLi5xlp8yfh4qF3tJkGnzZjyquShCwkLTcqXHIhpBByxMjXKAWvw/https%3A%2F%2Fwww.ietf.org%2Farchive%2Fid%2Fdraft-ietf-regext-secure-authinfo-transfer-04.html A diff from the previous version is available at: https://secure-web.cisco.com/1HzsdHG6E7e8J9WSPH21O9ZCeVdqvKbyoCVxIuh_fnzuTDUjS0XmsEJ1q1BmFd_kpxgEjtGnAGIV55-i56OxtBOQV6XvwaYkP-g6ThI4FE9vJToZ_G0_kQLQz3kof8i7NRmB6Qzd0nXBM61logPXuDrs20JR9HIOd4vf7aGyHF73BgclQZi2X8pRvaBc-KiZeps-bPXnjE3g3B_5e70EUOiFOBOFlHdwAtuUCwHF93nB6lmkNqxi_pWcDNMpfDxVlclRNn3L8-vgt7P1TXHC_Yle0wx2fbGTSUx6JO2rnfu4/https%3A%2F%2Fwww.ietf.org%2Frfcdiff%3Furl2%3Ddraft-ietf-regext-secure-authinfo-transfer-04 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ _______________________________________________ regext mailing list regext@ietf.org https://secure-web.cisco.com/17C2eFpLRJfccIq47DXAl5UQJCNzM_o4m5jyYP_s06DJOGkItUWrzLbgT9LA8u1ANCu2TUWFe73Vrrey46g4bls0KvUQpstLcHWLZA8iaFc1iibb18LEYLg2-QiVXpbGqvf1_s4TJXy8FMCpRpVFM2gZ_xJmXUuVt7_rsMX30M7kJTo-3THwoYhypnSxpHF1GhIV92GlKFED3WfXO50NDzyeNAukn5Bf6amWblGqyhPAzIEDB1PhHPTcCWI_NAm-ePr9DZbr3nsZhA-g2SiIi1yvh4EwL1_qsiWX3Y2Juiio/https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fregext
- [regext] I-D Action: draft-ietf-regext-secure-aut… internet-drafts
- [regext] FW: I-D Action: draft-ietf-regext-secure… Gould, James