Re: [regext] How to handle Domain Info Command with empty authinfo/pw tag in command?

"Patrick Mevzek" <pm@dotandco.com> Thu, 23 January 2020 06:01 UTC

Date: Thu, 23 Jan 2020 01:01:27 -0500
From: Patrick Mevzek <pm@dotandco.com>
To: regext@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/uateoGvMQ8N9bOcoD-XmsicwWK8>

Hello Scott,

On Fri, Dec 20, 2019, at 13:04, Hollenbeck, Scott wrote:
> > -----Original Message-----
> > From: regext <regext-bounces@ietf.org> On Behalf Of Patrick Mevzek
> > Sent: Friday, December 20, 2019 12:14 PM
> > To: regext@ietf.org
> > Subject: [EXTERNAL] Re: [regext] How to handle Domain Info Command with
> > empty authinfo/pw tag in command?
> 
> [snip]
> 
> > I remain in another side: other solutions, instead of passwords, should be
> > found.
> 
> I designed the authInfo concept to be extensible because I also thought 
> that passwords would have a limited lifetime. Patrick, if you have some 
> other ideas, why not toss them out for discussion?

I think I did; or at least I tried, both around the registrar passwords and the domain
passwords:

1) In a previous discussion about the new transfer draft, I offered an alternative
that has at least the merit of no longer relying so much on passwords, which are
a dead end in my view:
https://mailarchive.ietf.org/arch/msg/regext/k42HEvU3E0whLGqmke49FyEiWuI

2) For the login security draft, I said from the beginning that instead
of just relaxing the limits on password length, we may want to use
more standardized methods such as SASL, and in particular there are mechanisms
to authenticate without exchanging any password (SRP).
See https://mailarchive.ietf.org/arch/msg/regext/iMfmuxNgDbMHGMGehg8VT_oSklU


-- 
  Patrick Mevzek
  pm@dotandco.com