On Tue, Dec 14, 2021, at 09:29, Tobias Sattler wrote:
> We want to spin this idea with this group because using EPP for
> searching is more secure than RDAP by reducing a threat vector.
Which threat vector? Or can you explain what is not secure in RDAP?
Because it uses HTTPS so it can be "secured" by any and all well-known
mechanisms,
from shared secret, to full Oauth/WebAuthn things.
Also the exact same EPP security mechanisms (as laid out by RFC5734), namely
1) IP access lists 2) clients X509 certificates 3) login+password, can be done
exactly
as is with RDAP, if so wished.
EPP is Extensible *Provisioning* Protocol (yes, I know not fully true already).
I am into the personal position that a lot of stuff added lately/being added to
EPP would in fact have been better through RDAP, because it also for some opens
the use by other
entities than registrars.
I think the authentication/authorization stuff is orthogonal to the features
provided
by the protocol.
--
Patrick Mevzek
p...@dotandco.com
_______________________________________________
regext mailing list
regext@ietf.org
https://www.ietf.org/mailman/listinfo/regext
