Hello Scott, On Fri, Dec 20, 2019, at 13:04, Hollenbeck, Scott wrote: > > -----Original Message----- > > From: regext <[email protected]> On Behalf Of Patrick Mevzek > > Sent: Friday, December 20, 2019 12:14 PM > > To: [email protected] > > Subject: [EXTERNAL] Re: [regext] How to handle Domain Info Command with > > empty authinfo/pw tag in command? > > [snip] > > > I remain in another side: other solutions, instead of passwords, should be > > found. > > I designed the authInfo concept to be extensible because I also thought > that passwords would have a limited lifetime. Patrick, if you have some > other ideas, why not toss them out for discussion?
I think I did; or at least I tried, both around the registrar passwords and the domain passwords: 1) in previous discussion about the new transfer draft, I offered an alternative that has at least the merit to not rely anymore so much on passwords which are a dead end in my view: https://mailarchive.ietf.org/arch/msg/regext/k42HEvU3E0whLGqmke49FyEiWuI 2) for the login security draft I said from the beginning that instead of just relaxing the limits on password length, we may want to use more standardized methods such as SASL, and in particular there are mechanisms to authenticate without exchanging any password (SRP) See https://mailarchive.ietf.org/arch/msg/regext/iMfmuxNgDbMHGMGehg8VT_oSklU -- Patrick Mevzek [email protected] _______________________________________________ regext mailing list [email protected] https://www.ietf.org/mailman/listinfo/regext
