Re: [regext] draft-ietf-regexy-login-security

"Gould, James" <jgould@verisign.com> Thu, 14 November 2019 14:58 UTC

From: "Gould, James" <jgould@verisign.com>
To: Patrick Mevzek <pm@dotandco.com>, "regext@ietf.org" <regext@ietf.org>
Date: Thu, 14 Nov 2019 14:58:44 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/ne6QGQorP6GGF-01RC5PXDoJLQs>

Patrick,

Other proposals for the passing of authentication credentials for EPP would be interesting and I look forward to any proposal that comes up.  New approaches were not a good fit for this draft, but certainly are for other drafts.  

The management of the passwords (e.g., password encryption on the client-side, password hashing on the server-side, filtering passwords and other secure credentials like auth-info from the client-side and server-side logs, and ensuring that the password is never mirrored back in an error response) could be defined in a BCP draft.

-- 
 
JG



James Gould
Distinguished Engineer
jgould@Verisign.com

703-948-3271
12061 Bluemont Way
Reston, VA 20190

Verisign.com <http://verisigninc.com/>

On 11/13/19, 3:47 PM, "regext on behalf of Patrick Mevzek" <regext-bounces@ietf.org on behalf of pm@dotandco.com> wrote:

    On Wed, Nov 13, 2019, at 15:43, Hollenbeck, Scott wrote:
    > All 
    > it takes is an Internet-Draft, or a note to the mailing list, to start 
    > exploring alternatives.
    
    There were already, during discussion of this draft in fact.
    
    Maybe the form was incorrect, or not a good fit for this specific draft, so another
    draft might be a better idea, I can agree on that.
    
    But then, working on it and its adoption might be even slower just because
    we just improved security a little, enough for most of the use cases to just not
    bother revisiting it again. Which is why I wanted the discussion to happen earlier,
    but that is the past behind us.
    
    -- 
      Patrick Mevzek
      pm@dotandco.com
    
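An added illustration of the log-filtering item in the message above (not code from the thread, the draft, or any registry implementation): a Python filter that masks password and auth-info elements in an EPP frame before it is written to a client-side or server-side log. The element names `pw`, `newPW` and `authInfo` are those of EPP and the login-security extension; the function names, `MASK` and the sample frames are constructed for this example.

```python
import xml.etree.ElementTree as ET

MASK = "[REDACTED]"
SECRET_ELEMENTS = {"pw", "newPW"}   # login passwords, under any namespace prefix
SECRET_PARENTS = {"authInfo"}       # every child of <authInfo> is a credential


def _local(tag: str) -> str:
    """Strip the '{namespace}' part ElementTree puts in front of tag names."""
    return tag.rsplit("}", 1)[-1]


def redact_epp_frame(frame: str) -> str:
    """Return a copy of an EPP XML frame that is safe to write to a log."""
    try:
        root = ET.fromstring(frame)
    except ET.ParseError:
        # Fail closed: a frame that cannot be parsed cannot be filtered.
        return f"[unparseable EPP frame withheld, {len(frame)} chars]"
    for parent in list(root.iter()):
        under_auth = _local(parent.tag) in SECRET_PARENTS
        for child in parent:
            if under_auth or _local(child.tag) in SECRET_ELEMENTS:
                for sub in list(child):      # drop nested content as well
                    child.remove(sub)
                child.text = MASK
    # Serialisation rewrites namespace prefixes (ns0, ns1, ...); names are kept.
    return ET.tostring(root, encoding="unicode")


# Constructed sample frames (not taken from the thread).
LOGIN = (
    '<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"><command><login>'
    '<clID>ClientX</clID><pw>[LOGIN-SECURITY]</pw></login><extension>'
    '<ls:loginSec xmlns:ls="urn:ietf:params:xml:ns:epp:loginSec-1.0">'
    '<ls:pw>this is a long password</ls:pw>'
    '<ls:newPW>new password that is still long</ls:newPW>'
    '</ls:loginSec></extension></command></epp>'
)
TRANSFER = (
    '<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"><command><transfer op="request">'
    '<d:transfer xmlns:d="urn:ietf:params:xml:ns:domain-1.0">'
    '<d:name>example.com</d:name>'
    '<d:authInfo><d:pw roid="JD1234-REP">2fooBAR</d:pw></d:authInfo>'
    '</d:transfer></transfer></command></epp>'
)

if __name__ == "__main__":
    for frame in (LOGIN, TRANSFER, "<epp><pw>secret"):
        print(redact_epp_frame(frame))
```

Because the filter walks the whole tree, it also masks a credential element that a server echoes inside an error response, and a truncated frame is withheld rather than logged raw.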