Re: [regext] 2nd factor for Login Security Extension for EPP

Thu, 18 Apr 2019 05:36:05 -0700 

Do you mean 3rd or 4th, since most EPP systems already have two factors 
(password and certificate), and some of those also require IP whitelisting.

I believe we already have the tools for the job in this area. And if a registry 
wants to add some extra layer, the password field could be password12345678 
where password is the shared secret and 12345678 is a time-varying part that 
the EPP clients need to fill according to that registry specification.




Rubens



> On 18 Apr 2019, at 09:23, Michael Bauland <michael.baul...@knipp.de> wrote:
> 
> Hi,
> 
> I was wondering if one could use the good idea to enhance the security
> for EPP logins and take it one step further and add some additional
> related feature: the introduction and support of 2-factor authentication.
> 
> While web-based logins are currently in the process of updating and
> securing the login process by enforcing/allowing a second factor, this
> is not really possible for EPP authentication. If you add an optional
> field like "2fa" next to "pw" it could be used for a future 2nd factor.
> 
> What do you think about this? I am aware that 2fa is currently not in
> use for automated processes (at least I'm not aware of this), but the
> changes to the draft would be minimal now. The future possibility to
> submit such a string during the log-in process on the other hand could
> be of great benefit.
> 
> Best regards,
> 
> Michael
> 
> --
> ____________________________________________________________________
>     |       |
>     | knipp |            Knipp  Medien und Kommunikation GmbH
>      -------                    Technologiepark
>                                 Martin-Schmeisser-Weg 9
>                                 44227 Dortmund
>                                 Germany
> 
>     Dipl.-Informatiker          Fon:    +49 231 9703-0
>                                 Fax:    +49 231 9703-200
>     Dr. Michael Bauland         SIP:    michael.baul...@knipp.de
>     Software Development        E-mail: michael.baul...@knipp.de
> 
>                                 Register Court:
>                                 Amtsgericht Dortmund, HRB 13728
> 
>                                 Chief Executive Officers:
>                                 Dietmar Knipp, Elmar Knipp
> 
> _______________________________________________
> regext mailing list
> regext@ietf.org
> https://www.ietf.org/mailman/listinfo/regext

Attachment: signature.asc
Description: Message signed with OpenPGP

_______________________________________________
regext mailing list
regext@ietf.org
https://www.ietf.org/mailman/listinfo/regext

Reply via email to