On Mon, Jun 11, 2018, at 21:57, Gould, James wrote: > Patrick, > > > > > JG - Thanks, I'll take a closer look at the PRECIS framework in RFC 7564 > > > and 8265. > > > > Please also look at the SASL framework (RFC4422 and RFC4616 for its > PLAIN version which is basically what we have currently) : this allows > to decouple authentication needs to the underlying application/protocol, > which also address Pieter remark about other ways to authenticate. > > > > JG - I don’t believe there is any desire to switch from using the > variant of the PLAIN SASL mechanism [RFC4616] defined in the existing > EPP RFC [RFC5730].
I do not know. My main point was more around: if we decide to put more energy into "securing" EPP better, providing more options than just plain text passwords (as asked by Pieter also I think) would be now a good time to think about, and if we go towards some "extensibility" in authentication frameworks, why not just build on existing RFCs? -- Patrick Mevzek _______________________________________________ regext mailing list [email protected] https://www.ietf.org/mailman/listinfo/regext
