In preparation for the request for WGLC, draft-ietf-regext-secure-authinfo-transfer was updated with the following changes. The draft is now ready for WGLC.
1. Updated the XML namespace to urn:ietf:params:xml:ns:epp:secure-authinfo-transfer-1.0, which removed bcp from the namespace and bumped the version from 0.1 and 1.0. Inclusion of bcp in the XML namespace was discussed at the REGEXT interim meeting. 2. Replaced Auhtorization with Authorization based on a review by Jody Kolker. -- JG James Gould Fellow Engineer jgo...@verisign.com <applewebdata://13890C55-AAE8-4BF3-A6CE-B4BA42740803/jgo...@verisign.com> 703-948-3271 12061 Bluemont Way Reston, VA 20190 Verisign.com <http://verisigninc.com/> On 7/31/20, 11:57 AM, "regext on behalf of internet-dra...@ietf.org" <regext-boun...@ietf.org on behalf of internet-dra...@ietf.org> wrote: A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Registration Protocols Extensions WG of the IETF. Title : Extensible Provisioning Protocol (EPP) Secure Authorization Information for Transfer Authors : James Gould Richard Wilhelm Filename : draft-ietf-regext-secure-authinfo-transfer-03.txt Pages : 28 Date : 2020-07-31 Abstract: The Extensible Provisioning Protocol (EPP), in RFC 5730, defines the use of authorization information to authorize a transfer. The authorization information is object-specific and has been defined in the EPP Domain Name Mapping, in RFC 5731, and the EPP Contact Mapping, in RFC 5733, as password-based authorization information. Other authorization mechanisms can be used, but in practice the password-based authorization information has been used at the time of object create, managed with the object update, and used to authorize an object transfer request. What has not been fully considered is the security of the authorization information that includes the complexity of the authorization information, the time-to-live (TTL) of the authorization information, and where and how the authorization information is stored. This document defines an operational practice, using the EPP RFCs, that leverages the use of strong random authorization information values that are short-lived, that are not stored by the client, and that are stored using a cryptographic hash by the server to provide for secure authorization information used for transfers. The IETF datatracker status page for this draft is: https://secure-web.cisco.com/1C414k8FewwrqHU1Ris3PLUlyGRrttIG8UoHfX0ZuaWxmoCXR8V8Uy8F-2iRijPsSovIT2dTS9ARZaSHA4DtWp-_mP2saWCRz1-8EPcGq1eoxjk08vePwmmwkQryUl72OjNEXOaq5KXq4rlAbKmu8gixCzuRqRjE8Qdck3u636_sXex5EPihL5Nhv6J2UIev6lV0UwIKv52OMfCW1v1ABCClsm3oCVoS6u_FY5e3QY45bc7w2Qn2U0S6XKZG0FZ8dcJkR2ZDWBaIjTGdmjuTClg/https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-ietf-regext-secure-authinfo-transfer%2F There are also htmlized versions available at: https://secure-web.cisco.com/1mkXAvaMvJQ9wtYc5bYfRsIU2ikJdPQ1TjU6OCzQTIupsJnuRVei-yQoRup00xLAFWKkoBEIWe6W32_AtF1_k4hJRVQIoG0gAWi9cbVUmmFOXT9ikGGyRbE3nGZQP9z6khIaGd5J5y-REvIw5iJmqX4zPszwm-WFCP7r7vryJHiliRENlffSLK4TS6zd0izu185XaOXOA3J4SOXHR2WCQpSa37NPjn45e99OoFLeIrfDfDVTYkoG0nFMk3mNXYUD1I3Rip6-_2jjwlS2sSWktcQ/https%3A%2F%2Ftools.ietf.org%2Fhtml%2Fdraft-ietf-regext-secure-authinfo-transfer-03 https://secure-web.cisco.com/1et18U6_XXQuc6tvSXuGgZQnR_dFdYuCHH-QNmClUW-Nhk-iE1vB8Uf_57qMm6vi9yeIqbYgbc9BC5d5jruKGfafZXjK3chqO6nCdKCe97F-pboHj__Rb3REJ0YvxXZjvgg18t3WmCM4oJ9n1Po1H1mKuyhx3-__emx5Bbuj62yyWMMhHJz7V-G3WSilbtgfUigt3Hxhevm5-52muWd8w-_XRhsBQuUlFX_p8H4sYfnut9Jopdmhz5K1C2nqfp8mmFAsrUl4mxJ6JZvrwEM6WTw/https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Fdraft-ietf-regext-secure-authinfo-transfer-03 A diff from the previous version is available at: https://secure-web.cisco.com/1maR9nqxnGcukV3vH8ZLkmvIrXmCJGXy8e7IzKTryr_wLzw1w779EQh0MX7bciQoY5weuNS5dRhR6_Jl0HnL2CUby04O-avJGmmsMvX0oM9gDNjUr66HPYIBVcPCrVGT3EIeVFrabUnPicMXvdxM2biG-Y42kaz4faaai3xpHDQMyOlFBovPVnxSOXCxU3WSh-9TSf_dwWjOizEGMKFy7G5HX0hNGYQ60h2R-h1iz_PMUBJbr9U57sbbOZCm-QSV6jOmP-1JjfmIpXw_xihZZfooTq01hvPJS8QkaZJEdXBI/https%3A%2F%2Fwww.ietf.org%2Frfcdiff%3Furl2%3Ddraft-ietf-regext-secure-authinfo-transfer-03 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ _______________________________________________ regext mailing list regext@ietf.org https://secure-web.cisco.com/1MjTjWp19QQbNYvZhhu7Ys9Yd6Osn_N7bkqJyXMx1FKOk7znR-zRObBcT0Qzu3wquaqu_un-YFBUJd9_XfQv7H6jZfTFC6CKRirXz-CgZ1A3xzwYGPG2QV0uOlqURSzddBT8cP0iJbLvCpq7bvCm46XAORHxvVwUrdKZWzs6pZC3zfElNoF_TSPON7pS5hO9C5-J0Q6CMt4iDWu6N8FxdCx5au26kDrJLY0IroGZdWsYXn_8LRJGJ6zrsc5Hd3H86tJS7gF_NT9exCACn87JyjGqvEpY9E2_hLOZE-wqx-UU/https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fregext
_______________________________________________ regext mailing list regext@ietf.org https://www.ietf.org/mailman/listinfo/regext
