IETF Logo Mail Archive

[regext] FW: New Version Notification for draft-gould-regext-secure-authinfo-transfer-00.txt

"Gould, James" <jgould@verisign.com> Tue, 25 June 2019 12:29 UTC

Return-Path: <jgould@verisign.com>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B402112006E for <regext@ietfa.amsl.com>; Tue, 25 Jun 2019 05:29:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.299
X-Spam-Level:
X-Spam-Status: No, score=-4.299 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=verisign.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EdUDAMHaTbAc for <regext@ietfa.amsl.com>; Tue, 25 Jun 2019 05:29:42 -0700 (PDT)
Received: from mail1.verisign.com (mail1.verisign.com [72.13.63.30]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E6C2A12000E for <regext@ietf.org>; Tue, 25 Jun 2019 05:29:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=verisign.com; l=4620; q=dns/txt; s=VRSN; t=1561465782; h=from:to:subject:date:message-id:content-id: content-transfer-encoding:mime-version; bh=jWR1fyNgMFmLpg84NajXW7Uyv23xKntSsdH9a0IL6WQ=; b=ZcLqHmMDI3nJOgdigrLbTzE8Y6e7CM6OGarj3AQ+0XHcUXd3Xne/1KXq +MNvTqlxoOD/8rnKkT4cgPWlO1KCiuDE4dE0AXasi/ePgE+RGG2HaX0yj lLT0XOeVNSLSVNsUab7hNKSus0+NdQDicMqdJF66uL5PWActsB1dxoWPR S+meqxj8Xf4ZXEPJSfqz+V3D3feomEB2Ci9vH8SYGazZf0A+5+ClE8JGS fhS3pMTRsCfn6Mdj58q3g0pQAHG8ySHYa1JtodNWKmzuhdCtQB2w+d9RT nPpvcDSu41asrpX6duJ13QP7TOswuwtNHB28hQRwzmuMD8e2NbXjAmdgS w==;
X-IronPort-AV: E=Sophos;i="5.63,415,1557187200"; d="scan'208";a="10526726"
IronPort-PHdr: 9a23:FFun/hbh4kULodkb9ylLCTX/LSx+4OfEezUN459isYplN5qZrs69bnLW6fgltlLVR4KTs6sC17OM9fm8EjFZqdbZ6TZeKcUKD0dEwewt3CUYSPafDkP6KPO4JwcbJ+9lEGFfwnegLEJOE9z/bVCB6le77DoVBwmtfVEtfre9FYHdldm42P6v8JPPfQpImCC9YbRvJxmqsAndrMYbjZZ8Jqor1xfErXREduRLyWh1IV6fgwvw6t2/8ZJ+7ihcoe4t+9JFXa7nY6k2ULtUASg8PWso/sPrrx7DTQWO5nsYTGoblwdDDhbG4h/nQJr/qzP2ueVh1iaUO832Vq00Vi+576h3Uh/oiTwIOCA//WrKl8F/lqNboBampxxi347ZZZyeOfRicq/Be94RWGxMVdtTWSNcGIOxd4sBAfQcM+ZEoYfzpFUBrRqiCgejC+zi0SNIiWTz3aEmz+gsCwPL0Qo9FNwOqnTUq9D1Ob8cXe60y6nI0DHDYO5O1Tzg7IbHaBUhru+XXb5+bMHczksvFwzCjlWNrYzqIiiY1voTvGiB7upgTuOvi2Ehqw1rvjevwcIsh5DPi4kIxF7E8iB5z5w0Jd2+UEN7f8CrEIFRtyGBNot2TcUiQ2BuuCkm0LEJpZm7fC0SxJQm2RHfd/KHf5KP4hL5W+acJypzinF9eL+nmhq+7VKsxvD+W8S6ylpGsypIn9fWun0C0xHf8tWLRudn8ku82zuDyxrf5vxLLE03j6bXNp0szqY+lpUNsknPAir7lUDsg6KVckgr4e2l5ur5brr7p5KRMpR7hwX/P6ksn8GyD+o1PwoTUGWd5O+yzqfs/VfjT7VPlvA2l67Zv43EKskDva65BhNV0p4k6xaiEzeqyNQYkmcDLFJCYB+KkpTnNUnTLP/4FfmxjFWjnCt1y/zcIL3uHpLNLmLbkLv7Z7ly9lRQyBQpzdBE4ZJYEK0OIPX2WkPptdzYCAE2MxCszur6FNlxzJ4SVGCBD6ODLa/fsVGF6vggLuSIfIMVvSzyK/kh5/7gl385nlodcLGr3ZsYb3C4A/BmLFiCbHrynNgBC2YKvhE/TOzljl2OSyJcZ3G3X64k/DE0FJqmDZvfRoCqmLGBxjm0HpJIaWFJFlCBCnboeJuYW/cCci6SJdVhkjNXHYSmHsU72B6jpBPSyrd7IKzT4CJS/cb52dd49/H7lBwu+3pzFcvLgE+XSGQh1EwPWjs6mOhdqElw0R3Lhap3hOFcGfRN6ulISQY1M9jXyOksWIO6YR7IYtrcEAXued6hGzxkFt8=
X-IPAS-Result: A2GIAgBIExJd/zGZrQpjA4IZgwGBLAqEDJhmlQaBPxclCQEBAQEBAQEBAQcBExIKAQEChD4ZgwE0CQ4BAwEBAQQBAQEBBAEBAQKLIAELgjoiHE0vCQEyAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBCAIIBzUSGwYjEUMUAQgaAhQSAgQwFQYBBgUECgmDIgGCGaUJgTGENgIOQUCEa4EMKIt1gUE+gTgfgkw+gmEBAQIBAYFHIgsKJgiCOzKCJgSOUIUcligDBgKCFYZQjTaCKWuGI44XiWKDRoEwhShdj1kCBAIEBQIVgVCCEXAVGksBgkEJgkMYFIM5hRSFP3IBCwEljTuBDYEhAQE
Received: from BRN1WNEX01.vcorp.ad.vrsn.com (10.173.153.48) by BRN1WNEX02.vcorp.ad.vrsn.com (10.173.153.49) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1713.5; Tue, 25 Jun 2019 08:29:39 -0400
Received: from BRN1WNEX01.vcorp.ad.vrsn.com ([fe80::a89b:32d6:b967:337d]) by BRN1WNEX01.vcorp.ad.vrsn.com ([fe80::a89b:32d6:b967:337d%5]) with mapi id 15.01.1713.004; Tue, 25 Jun 2019 08:29:39 -0400
From: "Gould, James" <jgould@verisign.com>
To: "regext@ietf.org" <regext@ietf.org>
Thread-Topic: New Version Notification for draft-gould-regext-secure-authinfo-transfer-00.txt
Thread-Index: AQHVK1Go+3TXOv5sIUCrjQELDm1Cjg==
Date: Tue, 25 Jun 2019 12:29:39 +0000
Message-ID: <2FE774F6-35D1-46B5-B403-2BA1CC8928B3@verisign.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.10.a.190512
x-originating-ip: [10.170.148.18]
Content-Type: text/plain; charset="utf-8"
Content-ID: <63629FFE17EBF6469A891EB048AB08FE@verisign.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/nL-vNXMsNGtjYWveYEvZxaLid7c>
Subject: [regext] FW: New Version Notification for draft-gould-regext-secure-authinfo-transfer-00.txt
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Jun 2019 12:29:44 -0000

The Extensible Provisioning Protocol (EPP) Secure Authorization Information for Transfer (draft-gould-regext-secure-authinfo-transfer) was posted to define a BCP for securing the authorization information using the existing EPP RFCs.  The overall goal is to have strong, random authorization information values, that are short-lived, and that are either not stored or stored as cryptographic hash values.  Review and feedback is appreciated.  

Antoin and Jim, I would like to have 10 minutes to introduce and discuss this draft at the REGEXT meeting at IETF-105.  

Thanks, 
  
—
 
JG



James Gould
Distinguished Engineer
jgould@Verisign.com

703-948-3271
12061 Bluemont Way
Reston, VA 20190

Verisign.com <http://verisigninc.com/> 

On 6/25/19, 8:23 AM, "internet-drafts@ietf.org" <internet-drafts@ietf.org> wrote:

    
    A new version of I-D, draft-gould-regext-secure-authinfo-transfer-00.txt
    has been successfully submitted by James Gould and posted to the
    IETF repository.
    
    Name:		draft-gould-regext-secure-authinfo-transfer
    Revision:	00
    Title:		Extensible Provisioning Protocol (EPP) Secure Authorization Information for Transfer
    Document date:	2019-06-25
    Group:		Individual Submission
    Pages:		17
    URL:            https://www.ietf.org/internet-drafts/draft-gould-regext-secure-authinfo-transfer-00.txt
    Status:         https://datatracker.ietf.org/doc/draft-gould-regext-secure-authinfo-transfer/
    Htmlized:       https://tools.ietf.org/html/draft-gould-regext-secure-authinfo-transfer-00
    Htmlized:       https://datatracker.ietf.org/doc/html/draft-gould-regext-secure-authinfo-transfer
    
    
    Abstract:
       The Extensible Provisioning Protocol (EPP), in RFC 5730, defines the
       use of authorization information to authorize a transfer.  The
       authorization information is object-specific and has been defined in
       the EPP Domain Name Mapping, in RFC 5731, and the EPP Contact
       Mapping, in RFC 5733, as password-based authorization information.
       Other authorization mechanisms can be used, but in practice the
       password-based authorization information has been used by the
       authorization information being set at the time of object create,
       managed with the object update, and used to authorize an object
       transfer request.  What has not been fully considered is the security
       of the authorization information that includes the complexity of the
       authorization information, the time-to-live (TTL) of the
       authorization information, and where and how the authorization
       information is stored.  This document defines an operational
       practice, using the EPP RFCs, that leverages the use of strong random
       authorization information values that are short-lived, that are not
       stored by the client, and that are stored using a cryptographic hash
       by the server to provide for secure authorization information used
       for transfers.
    
                                                                                      
    
    
    Please note that it may take a couple of minutes from the time of submission
    until the htmlized version and diff are available at tools.ietf.org.
    
    The IETF Secretariat

v2.23.0 | Report a Bug | By Email