> -----Original Message-----
> From: regext <regext-boun...@ietf.org> On Behalf Of Patrick Mevzek
> Sent: Wednesday, November 13, 2019 2:55 PM
> To: regext@ietf.org
> Subject: [EXTERNAL] Re: [regext] draft-ietf-regext-login-security
>
> On Wed, Nov 13, 2019, at 08:37, Hollenbeck, Scott wrote:
> > TLS protection is specified to avoid sending passwords in plaintext form.
>
> Yes, but this solves only the security in transit part, not security at rest.
>
> These EPP frames are stored on both sides of the connection, logged, added
> to backups, etc.
> This is needed for various troubleshooting needs, as well as disputes and so
> on.
>
> Without any specific code filtering the passwords out of the frame
> before storage (which comes with its own edge cases, because then it means
> you are troubleshooting things based on data as stored, not really as
> exchanged, even if the difference in theory is well contained to specific
> parts), you then have the password in clear in many places.
> And not all registrars
> maintain open persistent connections, or some registries shut down active
> connections like each hour no matter what, which means a registrar may
> send dozens or hundreds or more login requests per day.
I don't think that local storage of sensitive information, such as passwords, is a *protocol* issue per se. It does make sense to note that it's a bad idea to do that in the Security Considerations sections of RFCs where passwords are exchanged as part of a protocol interaction, but it's not an interoperability issue. An even better idea is to recommend "better" practices in those Security Considerations sections.

Scott

_______________________________________________
regext mailing list
regext@ietf.org
https://www.ietf.org/mailman/listinfo/regext
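The quoted message mentions "specific code filtering out the passwords out of the frame before storage" as the alternative to keeping cleartext credentials in logs and backups. The following is an added example of such a logging-boundary filter; it is not code from this thread, from the draft, or from any registry or registrar implementation. It assumes only the RFC 5730 `<login>` command structure, where the credential sits in `<pw>` and an optional replacement in `<newPW>`, and the sample frame and password values are constructed for the demonstration.

```python
"""Redact EPP login credentials before an XML frame is logged or archived.

RFC 5730 carries the registrar password in <pw> (and a replacement password
in <newPW>) inside the <login> command. Redacting those elements at the
point where frames are persisted keeps logs, backups and dispute records
free of the cleartext password while leaving the rest of the frame intact
for troubleshooting. (Added example, not code from the mailing-list thread.)
"""
import xml.etree.ElementTree as ET

EPP_NS = "urn:ietf:params:xml:ns:epp-1.0"
# Local names of the RFC 5730 <login> children that carry credentials.
SECRET_ELEMENTS = {"pw", "newPW"}
REDACTED = "[REDACTED]"
UNPARSEABLE = "[unparseable EPP frame withheld from log]"

# Serialize the EPP namespace as the default namespace (no ns0: prefixes).
ET.register_namespace("", EPP_NS)


def _local_name(tag: str) -> str:
    """Strip the {namespace} prefix ElementTree puts on qualified tags."""
    return tag.rsplit("}", 1)[-1]


def redact_login_frame(frame: str) -> str:
    """Return the frame with the text of every <pw>/<newPW> element replaced.

    A frame that is not well-formed XML is withheld entirely: falling back
    to the raw text would persist exactly the secret this filter removes.
    """
    try:
        root = ET.fromstring(frame)
    except ET.ParseError:
        return UNPARSEABLE
    for elem in root.iter():
        if _local_name(elem.tag) in SECRET_ELEMENTS and elem.text:
            elem.text = REDACTED
    return ET.tostring(root, encoding="unicode")


def contains_secret(frame: str, secrets) -> bool:
    """Post-check used before writing: did any known secret survive?"""
    return any(s in frame for s in secrets)


# Constructed sample login frame in RFC 5730 shape; the passwords and the
# client identifier are fictitious values made up for this example.
SAMPLE_LOGIN = (
    '<?xml version="1.0" encoding="UTF-8"?>'
    f'<epp xmlns="{EPP_NS}">'
    "<command><login>"
    "<clID>ClientX</clID>"
    "<pw>correct-horse-battery</pw>"
    "<newPW>new-horse-battery</newPW>"
    "<options><version>1.0</version><lang>en</lang></options>"
    "<svcs><objURI>urn:ietf:params:xml:ns:domain-1.0</objURI></svcs>"
    "</login><clTRID>ABC-12345</clTRID></command></epp>"
)

if __name__ == "__main__":
    # What a registrar or registry would hand to its logger instead of
    # the raw frame.
    print(redact_login_frame(SAMPLE_LOGIN))
```

Redacting by element rather than by pattern-matching the password string keeps the filter independent of the password's content, and withholding unparseable frames avoids the failure mode where a malformed frame bypasses the filter and lands in the log verbatim. This does not address the other point raised in the thread (frequent re-logins multiply the number of frames carrying the credential); it only ensures that each persisted copy no longer contains it.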