A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Registration Protocols Extensions WG of the
IETF.
Title : Extensible Provisioning Protocol (EPP) Secure
Authorization Information for Transfer
Authors : James Gould
Richard Wilhelm
Filename : draft-ietf-regext-secure-authinfo-transfer-07.txt
Pages : 32
Date : 2021-06-28
Abstract:
The Extensible Provisioning Protocol (EPP), in RFC 5730, defines the
use of authorization information to authorize a transfer of an EPP
object, such as a domain name, between clients that are referred to
as registrars. Object-specific, password-based authorization
information (see RFC 5731 and RFC 5733) is commonly used, but raises
issues related to the security, complexity, storage, and lifetime of
authentication information. This document defines an operational
practice, using the EPP RFCs, that leverages the use of strong random
authorization information values that are short-lived, not stored by
the client, and stored by the server using a cryptographic hash that
provides for secure authorization information that can safely be used
for object transfers.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-regext-secure-authinfo-transfer/
There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-regext-secure-authinfo-transfer-07.html
A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-regext-secure-authinfo-transfer-07
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
_______________________________________________
regext mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/regext
