On Thu, Jan 23, 2020, at 01:01, Patrick Mevzek wrote: > 2) for the login security draft I said from the beginning that instead > of just relaxing the limits on password length, we may want to use > more standardized methods such as SASL, and in particular there are mechanisms > to authenticate without exchanging any password (SRP) > See https://mailarchive.ietf.org/arch/msg/regext/iMfmuxNgDbMHGMGehg8VT_oSklU
FWIW, here is a recent attempt to retrofit SASL inside HTTP, and while it is not applicable exactly as is to EPP, it shows other people wanting to have SASL as default in "legacy" protocols, in order to plug in later other authentication mechanisms. https://datatracker.ietf.org/doc/draft-vanrein-httpauth-sasl/ -- Patrick Mevzek [email protected] _______________________________________________ regext mailing list [email protected] https://www.ietf.org/mailman/listinfo/regext
