RFC 8807 describes login improvements. There haven’t been any other attempts to extend the protocol that I’m aware of.

Scott

From: Victor Zhou <z...@namefi.io>
Sent: Thursday, October 17, 2024 5:37 PM
To: regext@ietf.org
Cc: Hollenbeck, Scott <shollenb...@verisign.com>
Subject: [EXTERNAL] Question regarding client identifiers and password requirement of RFC-5730

Dear REGEXT working group,
cc: Scott

A little while ago, we sent you an email about AuthCodeSEC (https://www.mail-archive.com/regext@ietf.org/msg05966.html).

We are looking into the authentication model and we found that in Section 2.9.1.1 of RFC-5730 (https://www.rfc-editor.org/rfc/rfc5730, page 20) it reads

2.9.1.1<https://www.rfc-editor.org/rfc/rfc5730#section-2.9.1.1>. EPP <login> Command
...
A client identifier and initial password MUST be created on the server before a client can successfully complete a <login> command. The client identifier and initial password MUST be delivered to the client using an out-of-band method that protects the identifier and password from inadvertent disclosure.

This design assumes a client-server authentication with a pre-established password saved in the server.

Question: Is there any newer RFC that brings into / extends EPP to adopt more sophisticated login / authentication schemes? For example, if a server announces a public-key authentication algorithm and the relevant parameter it chose, a client can log in with a signature given a server challenge.

Thank you!

Victor Zhou, CEO & founder of Namefi<http://namefi.io>, tokenizing domain names for trading, DeFi and future Internet.
https://namefi.io