The Login Security Extension (draft-gould-regext-login-security) was posted (https://datatracker.ietf.org/doc/draft-gould-regext-login-security/) that enhances the security of the EPP sessions with the following:
1. Support for passwords (current and new) beyond the RFC 5730 limit of 16 characters in an extension to the login command;
2. Support for the server to return security warnings and errors in an extension to the login response (password expiry, certificate expiry, insecure cipher, insecure TLS, failed login statistics, etc.);
3. Support the optional passing of the client’s user agent in an extension to the login command for the server to identify functional or security constraints, current security issues, and potential future functional or security issues for the client.

Please review and provide any feedback privately or on the list. I would like a slot in the REGEXT WG meeting to introduce and discuss this new extension.

Thanks,

— JG

James Gould
Distinguished Engineer
[email protected]

703-948-3271
12061 Bluemont Way
Reston, VA 20190

Verisign.com <http://verisigninc.com/>

On 6/4/18, 4:18 PM, "[email protected]" <[email protected]> wrote:

> A new version of I-D, draft-gould-regext-login-security-00.txt has been successfully submitted by James Gould and posted to the IETF repository.
>
> Name: draft-gould-regext-login-security
> Revision: 00
> Title: Login Security Extension for the Extensible Provisioning Protocol (EPP)
> Document date: 2018-06-04
> Group: Individual Submission
> Pages: 18
> URL: https://www.ietf.org/internet-drafts/draft-gould-regext-login-security-00.txt
> Status: https://datatracker.ietf.org/doc/draft-gould-regext-login-security/
> Htmlized: https://tools.ietf.org/html/draft-gould-regext-login-security-00
> Htmlized: https://datatracker.ietf.org/doc/html/draft-gould-regext-login-security
>
> Abstract:
> The Extensible Provisioning Protocol (EPP) includes a client authentication scheme that is based on a user identifier and password. The structure of the password field is defined by an XML Schema data type that specifies minimum and maximum password length values, but there are no other provisions for password management other than changing the password. This document describes an EPP extension that allows longer passwords to be created and adds additional security features to the EPP login command and response.
>
> Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.
>
> The IETF Secretariat
_______________________________________________
regext mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/regext
