> -----Original Message----- > From: regext <[email protected]> On Behalf Of Patrick Mevzek > Sent: Wednesday, February 26, 2020 6:27 PM > To: [email protected] > Subject: [EXTERNAL] Re: [regext] How to handle Domain Info Command with > empty authinfo/pw tag in command? > > On Thu, Jan 23, 2020, at 01:01, Patrick Mevzek wrote: > > 2) for the login security draft I said from the beginning that instead > > of just relaxing the limits on password length, we may want to use > > more standardized methods such as SASL, and in particular there are > > mechanisms to authenticate without exchanging any password (SRP) See > > > https://mailarchive.ietf.org/arch/msg/regext/iMfmuxNgDbMHGMGehg8VT > _oSk > > lU > > FWIW, here is a recent attempt to retrofit SASL inside HTTP, and while it is > not applicable exactly as is to EPP, it shows other people wanting to have > SASL as default in "legacy" protocols, in order to plug in later other > authentication mechanisms. > > https://datatracker.ietf.org/doc/draft-vanrein-httpauth-sasl/
Thanks, Patrick, this may be worth exploring if there's interest in adding this kind of capability to EPP. I don't know if that interest exists in this WG, but with the drip WG also looking at EPP they might bring some motivation to the party. Scott _______________________________________________ regext mailing list [email protected] https://www.ietf.org/mailman/listinfo/regext
