On Tue, Apr 23, 2019, at 05:02, Rubens Kuhl wrote:
> Certificates can be made as secure as one wants to. The two most common
> ways in the EPP ecosystem are:
> 1) Accept certificates from a number of established CAs, but tag an
> specific certificate as being authorised. So the authorisation
> On 23 Apr 2019, at 05:12, Michael Bauland wrote:
>
> Hi Rubens, Jim (btw is it now Jim or James?), and Quoc,
>
> thanks for you responses.
>
> On 19.04.2019 15:55, Gould, James wrote:
>> I mirror Rubens response, that there exists system-to-system multi-factor
>> authentication for EPP
Hi Michael,
On 23/04/2019 09:12, Michael Bauland wrote:
>
> Certificates on the other hand are not a secure factor as almost anybody
> can obtain a valid certificate.
A valid certificate provides a weak form of non-repudiation, so if an
attacker obtains (for example) a cert for example.com and
Hi Rubens, Jim (btw is it now Jim or James?), and Quoc,
thanks for you responses.
On 19.04.2019 15:55, Gould, James wrote:
> I mirror Rubens response, that there exists system-to-system multi-factor
> authentication for EPP with user name/password, client certificate, and
> client IP. Does
-Original Message-
From: regext [mailto:regext-boun...@ietf.org] On Behalf Of Gould, James
Sent: Friday, April 19, 2019 11:55 PM
To: rube...@nic.br; michael.baul...@knipp.de
Cc: regext@ietf.org
Subject: Re: [regext] 2nd factor for Login Security Extension for EPP
I mirror Rubens response
I mirror Rubens response, that there exists system-to-system multi-factor
authentication for EPP with user name/password, client certificate, and client
IP. Does the definition of another second factor, such as TOTP in RFC 6238,
applicable to EPP? Michael, are you proposing the use of TOTP
Do you mean 3rd or 4th, since most EPP systems already have two factors
(password and certificate), and some of those also require IP whitelisting.
I believe we already have the tools for the job in this area. And if a registry
wants to add some extra layer, the password field could be
Hi,
I was wondering if one could use the good idea to enhance the security
for EPP logins and take it one step further and add some additional
related feature: the introduction and support of 2-factor authentication.
While web-based logins are currently in the process of updating and
securing