It would be interesting to explore technical approaches to a standardized registry locking model, although I suspect some of the approaches that are technically possible might not prove to be broadly feasible from a business/contractual perspective.
Regarding the possibility of registry lock successfully defending against the attack, there is generally more to the registry lock security protocol between registry and registrar than the EPP bits on the wire. For example, in Verisign’s implementation, a significant amount of communication during the critical unlock process takes place in a structured process using secure channels outside of EPP. At Verisign, Registry lock has been operating successfully for many years and protects important domain names every day. All indications that we have indicate that it would have successfully defended against the attack.

Regardless, we look forward to discussions on this topic and, more importantly, encourage registrars and registrants to engage both registrar and registry locking security mechanisms (along with other factors) to improve the stability of their domain names.

Regards,
Rick

On 2/25/19, 12:47 PM, "regext on behalf of Tongfeng Zhang" <[email protected] on behalf of [email protected]> wrote:

At .ca and all the TLDs CIRA operates, we have a similar feature of registry lock. We are interested in standardization for sure. There is a regiOps workshop coming up in May in Bangkok. I see a fit there if regext is not the right place.

Cheers,
Tongfeng

-----Original Message-----
From: regext <[email protected]> On Behalf Of Erwin Lansing
Sent: Monday, February 25, 2019 11:25 AM
To: [email protected]
Subject: Re: [regext] Security Lock anyone? (Was: Preliminary agenda for Prague, and call for agenda items)

Folks,

At .dk we also offer a form of registry lock, called VID, which I’d like to redesign at some point. Having a standardised, or at least similar “enough” product offering across different registries and TLDs would make it much more attractive for registrants.

Even though I won’t be in Prague, I’m certainly interested in following any standardisation effort.

Best,
Erwin

> On 25 Feb 2019, at 17.11, Marc Groeneweg <[email protected]> wrote:
>
> All,
>
> At SIDN (for .nl) we have our own form of registry lock called .nl control (https://www.sidn.nl/en/nl-control?language_id=2). Perhaps this can be used as input for a joint effort in increasing security around registry/registrar operations.
>
> Regards,
> Marc Groeneweg
>
> On 25/02/2019, 14:57, "regext on behalf of Gavin Brown" <[email protected] on behalf of [email protected]> wrote:
>
> If a BoF happens in Prague I will certainly attend.
>
> On 25/02/2019 07:26, Alexander Mayrhofer wrote:
>> Antoin, all,
>>
>> for now this is more a question / request to the group, rather than a
>> specific agenda slot request – but:
>>
>> In the light of the recent attacks on registration interfaces, do we
>> want to take a fresh look at standardization of “Registry Lock” /
>> “Security Lock”. There’s some previous work on this topic (see
>> https://tools.ietf.org/html/draft-wallstrom-epp-registrant-problem-statement-00).
>> As Patrick pointed out, there’s also some IPR considerations in this
>> area (See his blog post at
>> http://www.circleid.com/posts/20150603_registry_lock_or_epp_with_two_factor_authentication/).
>>
>> I constantly hear from registrars that “Security Lock” (our product
>> name) would be much more attractive if there wasn’t a myriad of
>> different processes at each registry – so my take is that there’s
>> room for standardization (which probably goes beyond the pure EPP extension).
>> I’m also hearing some fellow ccTLD colleagues are interested in a
>> common “profile”.
>>
>> Would regext be the right spot for such a discussion? If yes, would
>> it be interesting to hold a 20 minutes slot in Prague? Or even a
>> Bar-BoF before we “report back” to the working group?
>>
>> Best,
>>
>> Alex
>>
>> *From:* regext <[email protected]> *On Behalf Of* Antoin Verschuren
>> *Sent:* Sunday, 24 February 2019 14:43
>> *To:* Registration Protocols Extensions <[email protected]>
>> *Subject:* [regext] Preliminary agenda for Prague, and call for
>> agenda items
>>
>> Hi all,
>>
>> Please find the preliminary agenda for Prague attached.
>> I hope I captured everyone that has requested time to speak. If not,
>> let the chairs know.
>> We still have a little bit of time left on the agenda, so if you have
>> urgent agenda items, let us know as well.
>> If you are on the agenda, start preparing ;-)
>>
>> Regards, Jim and Antoin
>>
>> --
>> Antoin Verschuren
>>
>> Tweevoren 6, 5672 SB Nuenen, NL
>> M: +31 6 37682392
>>
>> _______________________________________________
>> regext mailing list
>> [email protected] <mailto:[email protected]>
>> https://www.ietf.org/mailman/listinfo/regext
>
> --
> Gavin Brown
> Chief Technology Officer
> CentralNic Group plc (LSE:CNIC)
> Innovative, Reliable and Flexible Registry Services
> for ccTLD, gTLD and private domain name registries
> https://www.centralnic.com/
> +44.7548243029
>
> CentralNic Group plc is a company registered in England and Wales with
> company number 8576358. Registered Offices: 35-39 Moorgate, London,
> EC2R 6AR.
