[regext] RFC 9154 on Extensible Provisioning Protocol (EPP) Secure Authorization Information for Transfer

[rfc-editor]

A new Request for Comments is now available in online RFC libraries.

        
        RFC 9154

        Title:      Extensible Provisioning Protocol (EPP) Secure 
                    Authorization Information for Transfer 
        Author:     J. Gould,
                    R. Wilhelm
        Status:     Standards Track
        Stream:     IETF
        Date:       December 2021
        Mailbox:    jgo...@verisign.com,
                    4rickwilh...@gmail.com
        Pages:      22
        Updates/Obsoletes/SeeAlso:   None

        I-D Tag:    draft-ietf-regext-secure-authinfo-transfer-07.txt

        URL:        https://www.rfc-editor.org/info/rfc9154

        DOI:        10.17487/RFC9154

The Extensible Provisioning Protocol (EPP) (RFC 5730) defines the use
of authorization information to authorize a transfer of an EPP
object, such as a domain name, between clients that are referred to
as "registrars". Object-specific, password-based authorization
information (see RFCs 5731 and 5733) is commonly used but raises
issues related to the security, complexity, storage, and lifetime of
authentication information. This document defines an operational
practice, using the EPP RFCs, that leverages the use of strong random
authorization information values that are short lived, not stored by
the client, and stored by the server using a cryptographic hash that
provides for secure authorization information that can safely be used
for object transfers.

This document is a product of the Registration Protocols Extensions Working 
Group of the IETF.

This is now a Proposed Standard.

STANDARDS TRACK: This document specifies an Internet Standards Track
protocol for the Internet community, and requests discussion and suggestions
for improvements.  Please refer to the current edition of the Official
Internet Protocol Standards (https://www.rfc-editor.org/standards) for the 
standardization state and status of this protocol.  Distribution of this 
memo is unlimited.

This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see
  https://www.ietf.org/mailman/listinfo/ietf-announce
  https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist

For searching the RFC series, see https://www.rfc-editor.org/search
For downloading RFCs, see https://www.rfc-editor.org/retrieve/bulk

Requests for special distribution should be addressed to either the
author of the RFC in question, or to rfc-edi...@rfc-editor.org.  Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.


The RFC Editor Team
Association Management Solutions, LLC


_______________________________________________
regext mailing list
regext@ietf.org
https://www.ietf.org/mailman/listinfo/regext