Re: [regext] Security Lock anyone? (Was: Preliminary agenda for Prague, and call for agenda items)

Rubens Kuhl <rubensk@nic.br> Tue, 26 February 2019 03:15 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/ah8CqsKh6Z90vs9uZJwsu8W_fFQ>

I imagine that DNS as a communication channel to assure registrant willingness to change something, similar to CDS/CDNSKEY, could be quite useful. For instance, if the name servers that are delegated on the registry are now pointing to new name servers, and this response is signed by the current DS/DNSKEY on the delegation, changing the DNS servers for that domain is pretty safe.

If the registrant's adversary already has control of the domain DNS servers, preventing the change of name servers gives very little to the registrant.



Rubens


> On 25 Feb 2019, at 14:46, Tongfeng Zhang <tongfeng.zhang@cira.ca> wrote:
> 
> At .ca and all the TLDs CIRA operates, we have a similar feature of registry lock.
> We are interested in standardization for sure.
> 
> There is a regiOps workshop coming up in May in Bangkok. I see a fit there if regext is not the right place.
> 
> Cheers,
> Tongfeng
> 
> 
> -----Original Message-----
> From: regext <regext-bounces@ietf.org> On Behalf Of Erwin Lansing
> Sent: Monday, February 25, 2019 11:25 AM
> To: regext@ietf.org
> Subject: Re: [regext] Security Lock anyone? (Was: Preliminary agenda for Prague, and call for agenda items)
> 
> Folks,
> 
> At .dk we also offer a form of registry lock, called VID, which I’d like to redesign at some point.  Having a standardised, or at least similar “enough” product offering across different registries and TLDs would make it much more attractive for registrants.  Even though I won’t be in Prague, I’m certainly interested in following any standardisation effort.
> 
> Best,
> Erwin
> 
> 
> 
>> On 25 Feb 2019, at 17.11, Marc Groeneweg <Marc.Groeneweg@sidn.nl> wrote:
>> 
>> All,
>> 
>> At SIDN (for .nl) we have our own form of registry lock called .nl control (https://www.sidn.nl/en/nl-control?language_id=2). Perhaps this can be used as input for a joint effort in increasing security around registry/registrar operations.
>> 
>> Regards,
>> Marc Groeneweg
>> 
>> On 25/02/2019, 14:57, "regext on behalf of Gavin Brown" <regext-bounces@ietf.org on behalf of gavin.brown@centralnic.com> wrote:
>> 
>>   If a BoF happens in Prague I will certainly attend.
>> 
>>   On 25/02/2019 07:26, Alexander Mayrhofer wrote:
>>> Antoin, all,
>>> 
>>> 
>>> 
>>> for now this is more a question / request to the group, rather than a
>>> specific agenda slot request – but:
>>> 
>>> 
>>> 
>>> In the light of the recent attacks on registration interfaces, do we
>>> want to take a fresh look at standardization of “Registry Lock” /
>>> “Security Lock”. There’s some previous work on this topic (see
>>> https://tools.ietf.org/html/draft-wallstrom-epp-registrant-problem-statement-00).
>>> As Patrick pointed out, there’s also some IPR considerations in this
>>> area (See his blog post at
>>> http://www.circleid.com/posts/20150603_registry_lock_or_epp_with_two_factor_authentication/).
>>> 
>>> 
>>> 
>>> I constantly hear from registrars that “Security Lock” (our product
>>> name) would be much more attractive if there wasn’t a myriad of
>>> different processes at each registry – so my take is that there’s
>>> room for standardization (which probably goes beyond the pure EPP extension).
>>> I’m also hearing some fellow ccTLD colleagues are interested in a
>>> common “profile”.
>>> 
>>> Would regext be the right spot for such a discussion? If yes, would
>>> it be interesting to hold a 20 minutes slot in Prague? Or even a
>>> Bar-BoF before we “report back” to the working group?
>>> 
>>> 
>>> 
>>> Best,
>>> 
>>> Alex
>>> 
>>> 
>>> 
>>> 
>>> 
>>> *From:* regext <regext-bounces@ietf.org> *On Behalf Of* Antoin
>>> Verschuren
>>> *Sent:* Sunday, 24 February 2019 14:43
>>> *To:* Registration Protocols Extensions <regext@ietf.org>
>>> *Subject:* [regext] Preliminary agenda for Prague, and call for
>>> agenda items
>>> 
>>> 
>>> 
>>> Hi all,
>>> 
>>> Please find the preliminary agenda for Prague attached.
>>> I hope I captured everyone that has requested time to speak. If not,
>>> let the chairs know.
>>> We still have a little bit of time left on the agenda, so if you have
>>> urgent agenda items, let us know as well.
>>> If you are on the agenda, start preparing ;-)
>>> 
>>> 
>>> 
>>> 
>>> Regards, Jim and Antoin
>>> 
>>> - --
>>> Antoin Verschuren
>>> 
>>> Tweevoren 6, 5672 SB Nuenen, NL
>>> M: +31 6 37682392
>>> 
>>> 
>>> 
>>> 
>>> 
>>> _______________________________________________
>>> regext mailing list
>>> regext@ietf.org <mailto:regext@ietf.org>
>>> https://www.ietf.org/mailman/listinfo/regext
>>> 
>>> 
>> 
>>   --
>>   Gavin Brown
>>   Chief Technology Officer
>>   CentralNic Group plc (LSE:CNIC)
>>   Innovative, Reliable and Flexible Registry Services
>>   for ccTLD, gTLD and private domain name registries
>>   https://www.centralnic.com/
>>   +44.7548243029
>> 
>>   CentralNic Group plc is a company registered in England and Wales with
>>   company number 8576358. Registered Offices: 35-39 Moorgate, London,
>>   EC2R 6AR.
>> 
>> 
> 
> _______________________________________________
> regext mailing list
> regext@ietf.org
> https://www.ietf.org/mailman/listinfo/regext
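
The check proposed at the top of this message, as an added example that is not part of the original thread or of any registry's code: a registry accepts a name server change only when the child zone's new NS set is signed by a key matching the DS it already holds. The toy RSA key, the simplified signed-data layout and all function and host names are constructed assumptions; real DNSSEC validation uses the RRSIG signed-data format of RFC 4034.

```python
import hashlib
import struct

# Constructed toy RSA key from two well-known primes (demo only, NOT secure).
P, Q, E = 2**521 - 1, 2**255 - 19, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")  # SHA-256 DigestInfo

def wire(name):
    # DNS name in canonical (lowercase) wire format
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\0"

def dnskey_rdata(n, e):
    # flags=257 (KSK), protocol=3, algorithm=8 (RSA/SHA-256), RFC 3110 key encoding
    eb = e.to_bytes((e.bit_length() + 7) // 8, "big")
    nb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return struct.pack("!HBBB", 257, 3, 8, len(eb)) + eb + nb

def ds_digest(owner, rdata):
    # DS digest type 2 (RFC 4509): SHA-256 over owner name + DNSKEY RDATA
    return hashlib.sha256(wire(owner) + rdata).hexdigest()

def ns_message(owner, ns_set):
    # Simplified stand-in for RRSIG signed data: owner + sorted NS targets
    return wire(owner) + b"".join(sorted(wire(n) for n in ns_set))

def emsa(msg, k):
    # PKCS#1 v1.5 signature encoding of SHA-256(msg), k bytes long
    t = PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def sign(msg):
    # Child zone operator side: sign with the constructed private key
    k = (N.bit_length() + 7) // 8
    return pow(int.from_bytes(emsa(msg, k), "big"), D, N)

def registry_accepts(owner, registry_ds, registry_ns, dnskey, child_ns, sig):
    n, e = dnskey
    if ds_digest(owner, dnskey_rdata(n, e)) != registry_ds:
        return False  # key is not the one anchored by the delegation's DS
    k = (n.bit_length() + 7) // 8
    if pow(sig, e, n).to_bytes(k, "big") != emsa(ns_message(owner, child_ns), k):
        return False  # NS set was not signed by that key
    return set(child_ns) != set(registry_ns)  # valid, and actually a change
```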