On Wed, Nov 13, 2019, at 15:13, Hollenbeck, Scott wrote:
> I don't think that local storage of sensitive information, such as 
> passwords, is a *protocol* issue per se.

"Interestingly" on another proposal (to handle transfers) when I said
it is absolutely not a protocol/interoperability issue how the passwords
are chosen or stored by the registry, I was told that it is definitively a
protocol issue and that the draft should be discussed by the working group!

I do not see how one password (the client one) can be not a protocol issue,
but another one (the domain ones) can be. They are both exchanged in plain text
and hence are sensitive information where the protocol should be so defined that
it could work without having to exchange this sensitive information at all.

None are protocol/interoperability issues in a way, and none should be sent in
clear (no matter what the transport; and do remember that EPP ought to be transport
agnostic, and there were attempts in the past to have it over SMTP for example,
in fact at least one registry has it that way nowadays...)

-- 
  Patrick Mevzek
  p...@dotandco.com

_______________________________________________
regext mailing list
regext@ietf.org
https://www.ietf.org/mailman/listinfo/regext
