Re: [regext] Security Lock anyone? (Was: Preliminary agenda for Prague, and call for agenda items)

Marc Groeneweg <Marc.Groeneweg@sidn.nl> Mon, 25 February 2019 16:12 UTC

From: Marc Groeneweg <Marc.Groeneweg@sidn.nl>
To: Registration Protocols Extensions <regext@ietf.org>
Date: Mon, 25 Feb 2019 16:11:52 +0000
Message-ID: <C4A68CA3-1ADE-4959-A51E-A73F4A4914DC@sidn.nl>
References: <19F54F2956911544A32543B8A9BDE0759FBF8765@NICS-EXCH2.sbg.nic.at> <8175501f-3365-c8d1-7a76-a4584e76734e@centralnic.com>
In-Reply-To: <8175501f-3365-c8d1-7a76-a4584e76734e@centralnic.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/eyARlfq3V4WuHr1m8lqVzmRHDNg>

All,

At SIDN (for .nl) we have our own form of registry lock called .nl control (https://www.sidn.nl/en/nl-control?language_id=2). Perhaps this can be used as input for a joint effort in increasing security around registry/registrar operations.

Regards,
Marc Groeneweg

On 25/02/2019, 14:57, "regext on behalf of Gavin Brown" <regext-bounces@ietf.org on behalf of gavin.brown@centralnic.com> wrote:

    If a BoF happens in Prague I will certainly attend.
    
    On 25/02/2019 07:26, Alexander Mayrhofer wrote:
    > Antoin, all,
    > 
    > for now this is more a question / request to the group, rather than a
    > specific agenda slot request – but:
    > 
    > In the light of the recent attacks on registration interfaces, do we
    > want to take a fresh look at standardization of “Registry Lock” /
    > “Security Lock”. There’s some previous work on this topic (see
    > https://tools.ietf.org/html/draft-wallstrom-epp-registrant-problem-statement-00).
    > As Patrick pointed out, there’s also some IPR considerations in this
    > area (See his blog post at
    > http://www.circleid.com/posts/20150603_registry_lock_or_epp_with_two_factor_authentication/).
    > 
    > I constantly hear from registrars that “Security Lock” (our product
    > name) would be much more attractive if there wasn’t a myriad of
    > different processes at each registry – so my take is that there’s room
    > for standardization (which probably goes beyond the pure EPP extension).
    > I’m also hearing some fellow ccTLD colleagues are interested in a
    > common “profile”.
    > 
    > Would regext be the right spot for such a discussion? If yes, would it
    > be interesting to hold a 20 minutes slot in Prague? Or even a Bar-BoF
    > before we “report back” to the working group?
    > 
    > Best,
    > 
    > Alex
    > 
    > *From:* regext <regext-bounces@ietf.org> *On Behalf Of* Antoin Verschuren
    > *Sent:* Sunday, 24 February 2019 14:43
    > *To:* Registration Protocols Extensions <regext@ietf.org>
    > *Subject:* [regext] Preliminary agenda for Prague, and call for agenda items
    > 
    > Hi all,
    > 
    > Please find the preliminary agenda for Prague attached.
    > I hope I captured everyone that has requested time to speak. If not, let
    > the chairs know.
    > We still have a little bit of time left on the agenda, so if you have
    > urgent agenda items, let us know as well.
    > If you are on the agenda, start preparing ;-)
    > 
    > Regards, Jim and Antoin
    > 
    > - -- 
    > Antoin Verschuren
    > 
    > Tweevoren 6, 5672 SB Nuenen, NL
    > M: +31 6 37682392
    > 
    > _______________________________________________
    > regext mailing list
    > regext@ietf.org <mailto:regext@ietf.org>
    > https://www.ietf.org/mailman/listinfo/regext
    > 
    > 
    
    -- 
    Gavin Brown
    Chief Technology Officer
    CentralNic Group plc (LSE:CNIC)
    Innovative, Reliable and Flexible Registry Services
    for ccTLD, gTLD and private domain name registries
    https://www.centralnic.com/
    +44.7548243029
    
    CentralNic Group plc is a company registered in England and Wales with
    company number 8576358. Registered Offices: 35-39 Moorgate, London,
    EC2R 6AR.