Re: [regext] FW: New Version Notification for draft-gould-regext-secure-authinfo-transfer-00.txt
"Patrick Mevzek" <pm@dotandco.com> Tue, 02 July 2019 05:56 UTC
Return-Path: <pm@dotandco.com>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4B59B1200A4 for <regext@ietfa.amsl.com>; Mon, 1 Jul 2019 22:56:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=dotandco.com header.b=LLCiqPnt; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=QMAb5lh+
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k1ee1VkCJaBi for <regext@ietfa.amsl.com>; Mon, 1 Jul 2019 22:56:46 -0700 (PDT)
Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 47A9B12004D for <regext@ietf.org>; Mon, 1 Jul 2019 22:56:46 -0700 (PDT)
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.nyi.internal (Postfix) with ESMTP id 5BADB21F3C for <regext@ietf.org>; Tue, 2 Jul 2019 01:56:45 -0400 (EDT)
Received: from imap1 ([10.202.2.51]) by compute3.internal (MEProxy); Tue, 02 Jul 2019 01:56:45 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dotandco.com; h= mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type; s=fm3; bh=txerGiHKApEs2MJWsrph6BjKqDuSSQH 6hbDU1FhaHmk=; b=LLCiqPnt7KijvOPVLvQfUws0pbNW7qNjdI5ECeFGOJDg1xB P9vZs96CjEZ3hTeyNdveXSFCIhJsXLx56tC3kuEpbRN4QV9LZqcx/tYAzwUe8f5v aK24VeKmQXf8Ssn+bourK4GZNNRhwwxArE+v2mRPtuxhD/hUwlN1DdljpUjPIInc u6h0LriJANyVI3bs59W0NLsZl1vVuTBydZJHGxGES67Qmc3ZDz67NCVQguTPnp5a yrNXQzDcXiG1KR0J2IoVxFc+8xPgmFKlMnWfWCJVC8FYbBYkSm7HSlno4gV6n6JM pkRmttTwNNZNI25Cwrc4ZgCW7EKKAX9A1MArz9A==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=txerGi HKApEs2MJWsrph6BjKqDuSSQH6hbDU1FhaHmk=; b=QMAb5lh+vFS5SNUR+MW+9o VHDlZ8HW4Xfux4tCCyO0NWTkzUZRy3+NKpI99jra7nrUQfQiNhfFhQlf8ut09ADx h49T91dwmbPMeC7Sp8GTxOax4dZmYB+GiZr9W8LWqQbfMk8eJwedyFnbZXR+7W02 5uL92//EtEStW6xH1DRwfdLPc0YNtT/QgRw1W4LYMc+TuJVsz5GYmjBLtRFZ6msq m48gpnVH9xUmJ/n3GMA3CwjeF5OCwOY9MFnauglLp35SufHWGxka/96ERyVIpaL/ TODBYuwB0ayzuqkvr5JpHk8QbvttZRY3LKlgoBsgSS/TlovGHFlfFOeJKOuRjNSw ==
X-ME-Sender: <xms:HfIaXS5MqKb_hkE2_KWVY3hFhiHPM0ICbd9r4hf0XNEp15W5aDFmiYTKb3o>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduvddrvdejgddutddtucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefofgggkfgjfhffhffvufgtsehttd ertderreejnecuhfhrohhmpedfrfgrthhrihgtkhcuofgvvhiivghkfdcuoehpmhesugho thgrnhgutghordgtohhmqeenucfrrghrrghmpehmrghilhhfrhhomhepphhmseguohhtrg hnuggtohdrtghomhenucevlhhushhtvghrufhiiigvpedt
X-ME-Proxy: <xmx:HfIaXYkPLFaHJApo3TgYtY8eHFvFiTQ3M5IpZ5oxecYLz-QlIKgPLQ> <xmx:HfIaXVWW8eCalCPBzo_f2zhZGM3KSjvSawup8IAHv1gNDMGAbvau7g> <xmx:HfIaXZRTD76IJuAgdQZ7Y_aQ9rOykd3hLlMyXYi1REWfOOsNomYA-g> <xmx:HfIaXYR1VkAjQIhEXDtouD4NRuagtVfIl1gKHYV6QnDxFV3g8kT28g>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 08D82C200A4; Tue, 2 Jul 2019 01:56:45 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.1.6-731-g19d3b16-fmstable-20190627v1
Mime-Version: 1.0
Message-Id: <9aad0040-20f6-480e-90d6-090ca91c18d3@www.fastmail.com>
In-Reply-To: <2FE774F6-35D1-46B5-B403-2BA1CC8928B3@verisign.com>
References: <2FE774F6-35D1-46B5-B403-2BA1CC8928B3@verisign.com>
Date: Tue, 02 Jul 2019 00:56:43 -0500
From: Patrick Mevzek <pm@dotandco.com>
To: regext@ietf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/uyfNpIlWhTFD4o6UWNgYKg93OmY>
Subject: Re: [regext] FW: New Version Notification for draft-gould-regext-secure-authinfo-transfer-00.txt
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Jul 2019 05:56:48 -0000
On Tue, Jun 25, 2019, at 07:29, Gould, James wrote:
> The Extensible Provisioning Protocol (EPP) Secure Authorization
> Information for Transfer (draft-gould-regext-secure-authinfo-transfer)
> was posted to define a BCP for securing the authorization information
> using the existing EPP RFCs. The overall goal is to have strong,
> random authorization information values, that are short-lived, and that
> are either not stored or stored as cryptographic hash values. Review
> and feedback is appreciated.
I have read your draft and while I can obviously share your operational
experiences and goals to address many shortcomings of current situation
I really believe that such document as written is not a good fit for an RFC,
nor even for the IETF place in general.
Why? Because it only discuss policies, and not protocol matters.
The fact that it does not define any new EPP commands/objects nor EPP XML namespace
seems to hint clearly that this is not an EPP extension, that it has nothing
to do with the protocol.
Things like that:
> The operational practice will not require the client
> to store the authorization information and will require the
> server to store the authorization information using a
> cryptographic hash.
How the password is stored and handled at the registry is completely
out of EPP scope. It could as well be symmetrically encrypted, and I fail
to see even how this can be enforceable (how will you verify remotely
how the registry stores the password?), as it is not protocol related.
Or:
> and the sponsoring registrar MUST inform the
> registrant of the TTL when the authorization information is provided
> to the registrant.
Registrars exist that do not let registrant choose passwords at creation
(which also hopefully deter bad passwords) and just give it when requested,
for an outgoing transfer (since it is basically useless for anything else).
So the TTL information will have no meaning to registrants.
Also all your process regarding TTLs force registrars to maintain state
(when they set the password) and a machinery to change it after expiration.
This does not provide them any gain, so there is 0 incentive for them to do that,
and could be only controlled by the registry.
It also absolutely does not take into account all cases that exist today,
and I see absolutely no reason why the IETF would suddenly be the judge of some
registries policies.
One example: some registries do not let registrars choose/set authInfo.
When a transfer has to be done, the current registrar needs to use a specific EPP command
to request the registry to generate a new authInfo (which can be obtained through
a followup domain:info), which the registrant will then use at the new registrar.
This authInfo has even some time to live.
Another example: after a successful transfer, the registry automatically changes
the authInfo.
I am not claiming this is better. Or worse. I am just saying that there are
various policies, and I see no reason for the IETF to order them from bad to good.
On the opposite side I would be more happy to see attempts to extend the authInfo.
It has clearly been designed from the beginning at being extensible:
<complexType name="authInfoType">
<choice>
<element name="pw" type="eppcom:pwAuthInfoType"/>
<element name="ext" type="eppcom:extAuthInfoType"/>
</choice>
</complexType>
and
<complexType name="extAuthInfoType">
<sequence>
<any namespace="##other"/>
</sequence>
</complexType>
So in my views the current password based model per domain has died,
and other solutions have to be searched for. Maybe there is space to pursue
in solutions around OTP frameworks.
Any work in this area needs for me to take also into account at least the related issues:
- registry lock services
- the whole transfer process (since authInfo serves only there), taking into account
that there may be rules applied to all gTLDs by virtue of their common contracts,
but then there are all the other registries.
--
Patrick Mevzek
pm@dotandco.com
- [regext] FW: New Version Notification for draft-g… Gould, James
- Re: [regext] New Version Notification for draft-g… Gavin Brown
- Re: [regext] New Version Notification for draft-g… Gould, James
- Re: [regext] FW: New Version Notification for dra… Patrick Mevzek
- Re: [regext] FW: New Version Notification for dra… Gavin Brown
- Re: [regext] FW: New Version Notification for dra… Patrick Mevzek
- Re: [regext] FW: New Version Notification for dra… Gould, James
- Re: [regext] FW: New Version Notification for dra… Patrick Mevzek
- Re: [regext] FW: New Version Notification for dra… Jody Kolker
- Re: [regext] FW: New Version Notification for dra… Gould, James
- Re: [regext] FW: New Version Notification for dra… Gould, James
- Re: [regext] FW: New Version Notification for dra… Martin Casanova
- Re: [regext] FW: New Version Notification for dra… Patrick Mevzek