Thank you Scott! Victor, CEO & founder of Namefi <http://namefi.io>, tokenizing domain names for trading, DeFi and future Internet. https://namefi.io
On Fri, Oct 18, 2024 at 5:18 AM Hollenbeck, Scott <shollenb...@verisign.com> wrote: > RFC 8807 describes login improvements. There haven’t been ay other > attempts to extend the protocol that I’m aware of. > > > > Scott > > > > *From:* Victor Zhou <z...@namefi.io> > *Sent:* Thursday, October 17, 2024 5:37 PM > *To:* regext@ietf.org > *Cc:* Hollenbeck, Scott <shollenb...@verisign.com> > *Subject:* [EXTERNAL] Question regarding client identifiers and password > requirement of RFC-5730 > > > > *Caution:* This email originated from outside the organization. Do not > click links or open attachments unless you recognize the sender and know > the content is safe. > > Dear REGEXT working group, cc: Scott > > > > A little while ago, we sent you an email about AuthCodeSEC( > https://www.mail-archive.com/regext@ietf.org/msg05966.html > <https://secure-web.cisco.com/1bmj7qOVsW2DI9K-WwA24GswsHQFQTZbSm427bmiGeBElJbrYkmsu0ry7JYyPmKo0R-fBKwDpnhS0HBy-30gm3fIuMRr-vQx0aVhFJIr5GmbiTt4-vDVXGFV46lQiTJbSw5jM1sVdefQF90PClx8HS0KjZ5hatesJ4ZtV_1k0ekmPjb4U-l04eB-1w9JBt2ywjphY6QsKcvV3mvHabwtbxUbfSMzd08xDjAi1HK_4y5XBe8Cdm3tnsvWxDeA6PR-ULTAzkwQ5vHGDMyYhhVlGR282rmYV1nA9odpxTVXWI2Lo2rNlr_xJVSRjzq2bANTW8WuCNo74deDnB86a6f8CYA/https%3A%2F%2Fwww.mail-archive.com%2Fregext%40ietf.org%2Fmsg05966.html> > ) > > > > We are looking into authentication model and we found that in Section > 2.9.1.1 of RFC-5730(https://www.rfc-editor.org/rfc/rfc5730 > <https://secure-web.cisco.com/16m1YT4Gl3xBdoJCuCvfylZXh2GrQZ8jcdvW0FfreK-DsIL6amsreh7iw0g6vp9ujzAl5hZ3RpMlWanLVVh4qT62ZQ97SNG3WAuwoC1e_Y-7wboZLNdL43A9q4FiqqwDYWJSuUf67EaJmpz03lKQZz6wmURDmZEXmLwn0edWJzOApdLcVW9oGC9qTWHyUMaQg8-FnT12m4_y5UddnNFj9ciknmmX-qQGGshWDpUlYDTown1dlHN-73diWa_PJJ-yGfQH4BIgXswt2Z0OyPgSGpJi3U-V76UxW50sO0QVPDdzvzIM_Nk0u8csYq1JxLyKwizxLbEtxJw1mGCUTB8EIsg/https%3A%2F%2Fwww.rfc-editor.org%2Frfc%2Frfc5730>, > page 20) it reads > > > > *2.9.1.1 > <https://secure-web.cisco.com/1MPHjyu1iIFFPB0wRomHA3lGLJBtWrXCXrFO24x4HloTEe8AwNhdAVRK0YSE5bzqhvz46UUzHD9nw-fGB3mGItvwy4Mdmjrp1HngoLag0RWuHUGZkiWYnM5ePOOR9pm3n8jAxeUrt2Y4R1HulHKt1T7zF5iC8sclHddr6I0IkcuzN-Papwu-bU6soymbvLxXGE8vMm63N9B-lI7nUCTqtmzvwMA3DNPNPER5FMcOk6MjdlYfK2ioYKuzyAxecXEf5OeI_jqeDB9Q06m37usZVEnKgXHlRIpSSzDQuehMhdRQ9qbOcfbhF_q9hAkNNNhkWdmgehkMWrrbVtQ3mDJxMdg/https%3A%2F%2Fwww.rfc-editor.org%2Frfc%2Frfc5730%23section-2.9.1.1>. > EPP <login> Command* > > ... > > > > A client identifier and initial password MUST be created on the > > server before a client can successfully complete a <login> command. > > The client identifier and initial password MUST be delivered to the > > client using an out-of-band method that protects the identifier and > > password from inadvertent disclosure. > > > > This design assumes a client-server authentication with a pre-established > password saved in the server. > > > > *Question*: Is there any newer RFC that brings into / extends EPP to > adopt more sophisticated login / authentication schemes? For example if a > server announces a public-key authentication algorithm and relevant > parameter it chose, a client can login with a signature given a server > challenge. > > > > Thank you! > > > Victor Zhou, > > CEO & founder of Namefi > <http://secure-web.cisco.com/1Mja19UaAwbFSjNgfR6RIvpx-8nYplf3t6cgEagMEtrXU9B6eZLT0hEfWRKLJ1MR6fqQ_oJjSciLg5vSnjb5Bidn60bGAQhQ0A6eHISAkWqSa98Bzj168HLxnpkUb45_sw07JmxfAOiDWXyZtvu0id5DhrtPKrPcW_6uCWu5vBErWOnsalWlpE9uKnL1bqngD7Q_RVQC_GfNqDLvpsthgPRgTjfinFFgcRIZgd8cWePGY98WQUgwEQ-9pAmWaM2CRUE3INxBwAprUsVF6K4gt_NCR5dDtjar_YwSyj6LARje3owiqNZS443CbyBlJ9jSXp2ZtR7NkHvLdvBv_3n7FfA/http%3A%2F%2Fnamefi.io>, > tokenizing > domain names for trading, DeFi and future Internet. https://namefi.io > <https://secure-web.cisco.com/1Kjvow_kmBa5uZHDqUZmHw6hGqUuAm38e9fElzMcgT0u7c_iXT56CKXJtO3JjlNKrTRn8xHAfot8y04K0zDnfuqZM-7hLXA7Rr_49zbgU4lltIXdqhFlRoH6atXVGGS1qKl7n4iSJvBpgh6z5xE7VK6hnqpmy1zPzw9RrUbNMoYuQQBCf72TmXzbb81qfhgz79LQe70O8ADw0XCo5NOUNQsiSzDr6A35q_ZCBaJG4xb0JTs5d7h7OfID9YlUsLcZGxa13qkkeGTx4EuzrhG2Re5DJmIP57NrqVLng-Wvy8KcaQfwvfISNqTsWB_WtXrm0PaZNMy1aIYe6zb1fec-qCg/https%3A%2F%2Fnamefi.io> > > >
_______________________________________________ regext mailing list -- regext@ietf.org To unsubscribe send an email to regext-le...@ietf.org