A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Registration Protocols Extensions WG of the
IETF.
Title : Extensible Provisioning Protocol (EPP) Secure
Authorization Information for Transfer
Authors : James Gould
Richard Wilhelm
Filename : draft-ietf-regext-secure-authinfo-transfer-06.txt
Pages : 30
Date : 2021-03-08
Abstract:
The Extensible Provisioning Protocol (EPP), in RFC 5730, defines the
use of authorization information to authorize a transfer. Object-
specific, password-based authorization information (see RFC 5731 and
RFC 5733) is commonly used, but raises issues related to the
security, complexity, storage, and lifetime of authentication
information. This document defines an operational practice, using
the EPP RFCs, that leverages the use of strong random authorization
information values that are short-lived, not stored by the client,
and stored by the server using a cryptographic hash that provides for
secure authorization information that can safely be used for object
transfers.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-regext-secure-authinfo-transfer/
There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-regext-secure-authinfo-transfer-06.html
A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-regext-secure-authinfo-transfer-06
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
_______________________________________________
regext mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/regext
