Dear REGEXT working group, cc: Scott

A little while ago, we sent you an email about AuthCodeSEC (https://www.mail-archive.com/regext@ietf.org/msg05966.html).

We are looking into the authentication model and we found that Section 2.9.1.1 of RFC-5730 (https://www.rfc-editor.org/rfc/rfc5730, page 20) reads:

   2.9.1.1 <https://www.rfc-editor.org/rfc/rfc5730#section-2.9.1.1>. EPP <login> Command

   ...

   A client identifier and initial password MUST be created on the server before a client can successfully complete a <login> command. The client identifier and initial password MUST be delivered to the client using an out-of-band method that protects the identifier and password from inadvertent disclosure.

This design assumes a client-server authentication with a pre-established password saved in the server.

*Question*: Is there any newer RFC that brings into / extends EPP to adopt more sophisticated login / authentication schemes? For example, if a server announces a public-key authentication algorithm and the relevant parameter it chose, a client can log in with a signature given a server challenge.

Thank you!

Victor Zhou, CEO & founder of Namefi <http://namefi.io>, tokenizing domain names for trading, DeFi and future Internet.
https://namefi.io
_______________________________________________
regext mailing list -- regext@ietf.org
To unsubscribe send an email to regext-le...@ietf.org