Re: [regext] 2nd factor for Login Security Extension for EPP

2019-04-26 Thread Patrick Mevzek
On Tue, Apr 23, 2019, at 05:02, Rubens Kuhl wrote:
> Certificates can be made as secure as one wants to. The two most common
> ways in the EPP ecosystem are:
> 1) Accept certificates from a number of established CAs, but tag a
> specific certificate as being authorised. So the authorisation

Re: [regext] 2nd factor for Login Security Extension for EPP

2019-04-23 Thread Rubens Kuhl
> On 23 Apr 2019, at 05:12, Michael Bauland wrote:
>
> Hi Rubens, Jim (btw is it now Jim or James?), and Quoc,
>
> thanks for your responses.
>
> On 19.04.2019 15:55, Gould, James wrote:
>> I mirror Rubens' response, that there exists system-to-system multi-factor
>> authentication for EPP

Re: [regext] 2nd factor for Login Security Extension for EPP

2019-04-23 Thread Gavin Brown
Hi Michael,
On 23/04/2019 09:12, Michael Bauland wrote:
>
> Certificates on the other hand are not a secure factor as almost anybody
> can obtain a valid certificate.
A valid certificate provides a weak form of non-repudiation, so if an attacker obtains (for example) a cert for example.com and

Re: [regext] 2nd factor for Login Security Extension for EPP

2019-04-23 Thread Michael Bauland
Hi Rubens, Jim (btw is it now Jim or James?), and Quoc,
thanks for your responses.
On 19.04.2019 15:55, Gould, James wrote:
> I mirror Rubens' response, that there exists system-to-system multi-factor
> authentication for EPP with user name/password, client certificate, and
> client IP. Does

Re: [regext] 2nd factor for Login Security Extension for EPP

2019-04-22 Thread Pham, Quoc-Anh
-----Original Message-----
From: regext [mailto:regext-boun...@ietf.org] On Behalf Of Gould, James
Sent: Friday, April 19, 2019 11:55 PM
To: rube...@nic.br; michael.baul...@knipp.de
Cc: regext@ietf.org
Subject: Re: [regext] 2nd factor for Login Security Extension for EPP
I mirror Rubens' response

Re: [regext] 2nd factor for Login Security Extension for EPP

2019-04-19 Thread Gould, James
I mirror Rubens' response, that there exists system-to-system multi-factor authentication for EPP with user name/password, client certificate, and client IP. Does the definition of another second factor, such as TOTP in RFC 6238, apply to EPP? Michael, are you proposing the use of TOTP

Re: [regext] 2nd factor for Login Security Extension for EPP

2019-04-18 Thread Rubens Kuhl
Do you mean 3rd or 4th, since most EPP systems already have two factors (password and certificate), and some of those also require IP whitelisting? I believe we already have the tools for the job in this area. And if a registry wants to add some extra layer, the password field could be

[regext] 2nd factor for Login Security Extension for EPP

2019-04-18 Thread Michael Bauland
Hi, I was wondering if one could use the good idea to enhance the security for EPP logins and take it one step further and add some additional related feature: the introduction and support of 2-factor authentication. While web-based logins are currently in the process of updating and securing