Patrick, Other proposals for the passing of authentication credentials for EPP would be interesting and I look forward to any proposal that comes up. New approaches were not a good fit for this draft, but certainly are for other drafts.
For the management of the passwords (e.g., password encryption on the client-side, password hashing on the server-side, filtering passwords and other secure credentials like auth-info from the client-side and server-side logs, and ensuring that the password is never mirrored back in an error response) could be defined in a BCP draft. -- JG James Gould Distinguished Engineer jgo...@verisign.com <applewebdata://13890C55-AAE8-4BF3-A6CE-B4BA42740803/jgo...@verisign.com> 703-948-3271 12061 Bluemont Way Reston, VA 20190 Verisign.com <http://verisigninc.com/> On 11/13/19, 3:47 PM, "regext on behalf of Patrick Mevzek" <regext-boun...@ietf.org on behalf of p...@dotandco.com> wrote: On Wed, Nov 13, 2019, at 15:43, Hollenbeck, Scott wrote: > All > it takes is an Internet-Draft, or a note to the mailing list, to start > exploring alternatives. There were already, during discussion of this draft in fact. Maybe the form was incorrect, or not a good fit for this specific draft, so another draft might be a better idea, I can agree on that. But then, working on it and its adoption might be even slowler just because we just improved security a little, enough for most of the use cases to just not bother revisiting it again. Which is why I wanted the discussion to happen earlier, but that is the past behind us. -- Patrick Mevzek p...@dotandco.com _______________________________________________ regext mailing list regext@ietf.org https://www.ietf.org/mailman/listinfo/regext _______________________________________________ regext mailing list regext@ietf.org https://www.ietf.org/mailman/listinfo/regext
