Re: [regext] How to handle Domain Info Command with empty authinfo/pw tag in command?

"Patrick Mevzek" <pm@dotandco.com> Wed, 26 February 2020 23:27 UTC

Return-Path: <pm@dotandco.com>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 445143A0AAB for <regext@ietfa.amsl.com>; Wed, 26 Feb 2020 15:27:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=dotandco.com header.b=W2DIKW53; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=r+tcrBeK
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UOqM9WWMTLHO for <regext@ietfa.amsl.com>; Wed, 26 Feb 2020 15:27:46 -0800 (PST)
Received: from wout5-smtp.messagingengine.com (wout5-smtp.messagingengine.com [64.147.123.21]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E318C3A0AA7 for <regext@ietf.org>; Wed, 26 Feb 2020 15:27:46 -0800 (PST)
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.west.internal (Postfix) with ESMTP id 079595C8 for <regext@ietf.org>; Wed, 26 Feb 2020 18:27:45 -0500 (EST)
Received: from imap22 ([10.202.2.72]) by compute4.internal (MEProxy); Wed, 26 Feb 2020 18:27:46 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dotandco.com; h= mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type; s=fm2; bh=Ee3tKZP4LuvtfMGg7yuF1/PXEm4OjK/ QrQkY5NkjeeA=; b=W2DIKW53aHmVE0tu5AInZlUvAadiSWu6tA+Y+7uDF9xcq6d 1UAC/kACVTRASztuTCMq13bVWT0MdaiOETSG3hPJRpVfblcfwvjyJBg148oY6aFz NKt8YRNADZTv5vHKRfBIdZL/NDVcmy35e7bG99hbIh1/yyFezyFJVW+3qD/fyrrD p+jVeAtxyNsXtIFifZLG9lEIsc+LXl9gx9DTqj0bpC5NBo2Lnes8Ui/S9XO4dWpr IGNzga8i+G5d7GWYNlCR2beCZVPA9vx3y0yJXxTg8CSqzbFKsljRDdbF5CVqDMJi QCtJk68ffDSGoflR2FnC1JF2GZqL+Vs105bN/bw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=Ee3tKZ P4LuvtfMGg7yuF1/PXEm4OjK/QrQkY5NkjeeA=; b=r+tcrBeKeNULGsFKwqqnT0 1Ds/79tKUhVMiHJ5WIUdpdWeZqwPPaS22qAkkg6L8NAzUk+X1bck3UAqFtxIgKm1 2lEdwy/UiG1o8/J0Yi/uV1CTtHBmcb4A9HINJsi8vuPTs/F/hRH2chpvO8YczdVu WmY68JrKxYnlRsOeoJA0dAffjeLxY4YO/QCrEhWNaL3jPD424+Ra81z4k7r9M1UU 51JYNcelMeRrsUYJzRo+AgEss3XuYUWXKWjEO8Suv5OMdP4iZScK4z7hA3GuWL9g ffzWySsHNdv4FUjboAtuJ6ol4wdyXM8p/1JLoHDZve4mBuLukcvSpCrojkRH4Myw ==
X-ME-Sender: <xms:8f5WXjxnLAXWor-sWC1QzUjOygAKUGngOfDf_DkJcJ1--F6jUIaCjEmGlQ4>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedugedrleehgdduvdcutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkjghffffhvffutgesthdtre dtreerjeenucfhrhhomhepfdfrrghtrhhitghkucfovghviigvkhdfuceophhmseguohht rghnuggtohdrtghomheqnecuffhomhgrihhnpehivghtfhdrohhrghenucevlhhushhtvg hrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehpmhesughothgrnhgutgho rdgtohhm
X-ME-Proxy: <xmx:8f5WXk_qSUKkBdHDKg7XNvLClSALGy813BmWRI2EB4kly8N-EiUEeQ> <xmx:8f5WXkSdSOAvdAzpCuGrqTD05L-zAJfDgkFS-QOOfMTv8yp9svRINw> <xmx:8f5WXhkrHlN79aSxQ9c4Dlsxpl-ncYqUKY6Fu-7CnCA7X8Nf7bIdvg> <xmx:8f5WXpjNpJRfHt50buNqFh8ItI9kIQcRsmYKH4Gs0GKM4YSXKkNVYA>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 03ACC6680064; Wed, 26 Feb 2020 18:27:44 -0500 (EST)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.1.7-947-gbed3ff6-fmstable-20200220v2
Mime-Version: 1.0
Message-Id: <8253a2df-3d21-4d13-811d-9cf6e72881a6@www.fastmail.com>
In-Reply-To: <2e348f0a-c411-4389-a1e6-353e73bcb608@www.fastmail.com>
References: <d17d88d0-e9db-9416-1917-dc992fcd2d3a@switch.ch> <35BAECA0-9B4A-4C1F-9EEF-BA9C4BE2E325@verisign.com> <4bbb8a33bee54a8797fc75a1cf532899@switch.ch> <185b57cd-984c-4167-8e62-fc37dcf46fdf@www.fastmail.com> <436A323C-AD02-4FFE-A182-B9376AFF3783@verisign.com> <82ef0b63-13cb-403b-886d-de66f7086890@www.fastmail.com> <68a5d403846d4042ab7db859499ab77b@verisign.com> <2e348f0a-c411-4389-a1e6-353e73bcb608@www.fastmail.com>
Date: Wed, 26 Feb 2020 18:27:24 -0500
From: "Patrick Mevzek" <pm@dotandco.com>
To: regext@ietf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/zxYjCjzYQJLbO-vP4d36D-_lerY>
Subject: Re: [regext] =?utf-8?q?How_to_handle_Domain_Info_Command_with_empty_?= =?utf-8?q?authinfo/pw_tag_in_command=3F?=
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Feb 2020 23:27:48 -0000

On Thu, Jan 23, 2020, at 01:01, Patrick Mevzek wrote:
> 2) for the login security draft I said from the beginning that instead
> of just relaxing the limits on password length, we may want to use
> more standardized methods such as SASL, and in particular there are mechanisms
> to authenticate without exchanging any password (SRP)
> See https://mailarchive.ietf.org/arch/msg/regext/iMfmuxNgDbMHGMGehg8VT_oSklU

FWIW, here is a recent attempt to retrofit SASL inside HTTP, and while
it is not applicable exactly as is to EPP, it shows other people wanting to have
SASL as default in "legacy" protocols,
in order to plug in later other authentication mechanisms.

https://datatracker.ietf.org/doc/draft-vanrein-httpauth-sasl/

-- 
  Patrick Mevzek
  pm@dotandco.com