rfcdiff: draft-ietf-regext-login-security-01.txt vs. draft-ietf-regext-login-security-02.txt

Network Working Group                                          J. Gould
Internet-Draft                                                 M. Pozun
Intended status: Standards Track                         VeriSign, Inc.
Expires: October 11, 2019 (-01) / December 27, 2019 (-02)
                              April 9, 2019 (-01) / June 25, 2019 (-02)

   Login Security Extension for the Extensible Provisioning Protocol (EPP)
     draft-ietf-regext-login-security-01 -> draft-ietf-regext-login-security-02
Abstract

   The Extensible Provisioning Protocol (EPP) includes a client
   authentication scheme that is based on a user identifier and
   password.  The structure of the password field is defined by an XML
   Schema data type that specifies minimum and maximum password length
   values, but there are no other provisions for password management
   other than changing the password.  This document describes an EPP
   extension that allows longer passwords to be created and adds

   [unchanged text omitted by rfcdiff; resumes at page 1, line 37]
   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on October 11, 2019 (-01) /
   December 27, 2019 (-02).

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents

   [unchanged text omitted by rfcdiff; resumes at page 2, line 25]
   Table of Contents (as in -02; bracketed notes give the -01 page where it differs)

     3.2.  "[LOGIN-SECURITY]" Password . . . . . . . . . . . . . . .   5
     3.3.  Dates and Times . . . . . . . . . . . . . . . . . . . . .   6
   4.  EPP Command Mapping . . . . . . . . . . . . . . . . . . . . .   6
     4.1.  EPP <login> Command . . . . . . . . . . . . . . . . . . .   6
   5.  Formal Syntax . . . . . . . . . . . . . . . . . . . . . . . .  14
     5.1.  Login Security Extension Schema . . . . . . . . . . . . .  14
   6.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  16
     6.1.  XML Namespace . . . . . . . . . . . . . . . . . . . . . .  16
     6.2.  EPP Extension Registry  . . . . . . . . . . . . . . . . .  17
   7.  Implementation Status . . . . . . . . . . . . . . . . . . . .  17
     7.1.  Verisign EPP SDK  . . . . . . . . . . . . . . . . . . . .  18  [new in -02]
   8.  Security Considerations . . . . . . . . . . . . . . . . . . .  18  [-01: 17]
   9.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .  19  [-01: 18]
   10. References  . . . . . . . . . . . . . . . . . . . . . . . . .  19  [-01: 18]
     10.1.  Normative References . . . . . . . . . . . . . . . . . .  19  [-01: 18]
     10.2.  Informative References . . . . . . . . . . . . . . . . .  19  [-01: 18]
     10.3.  URIs . . . . . . . . . . . . . . . . . . . . . . . . . .  19
   Appendix A.  Change History . . . . . . . . . . . . . . . . . . .  20  [-01: 19]
     A.1.  Change from 00 to 01  . . . . . . . . . . . . . . . . . .  20  [-01: 19]
     A.2.  Change from 01 to 02  . . . . . . . . . . . . . . . . . .  20  [-01: 19]
     A.3.  Change from 02 to 03  . . . . . . . . . . . . . . . . . .  20  [-01: 19]
     A.4.  Change from 03 to REGEXT 00 . . . . . . . . . . . . . . .  20  [-01: 19]
     A.5.  Change from REGEXT 00 to REGEXT 01  . . . . . . . . . . .  20  [-01: 19]
     A.6.  Change from REGEXT 01 to REGEXT 02  . . . . . . . . . . .  21  [new in -02]
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  21  [-01: 20]
1.  Introduction

   This document describes an Extensible Provisioning Protocol (EPP)
   extension for enhancing the security of the EPP login command in EPP
   RFC 5730.  The enhancements include supporting longer passwords (or
   passphrases) than the 16-character maximum and providing a list of
   security events in the login response.  The password (current and
   new) in EPP RFC 5730 can be overridden by the password included in
   the extension to extend past the 16-character maximum.  The security

   [unchanged text omitted by rfcdiff; resumes at page 17, line 39]
   Status: Active

   Notes: None

7.  Implementation Status

   Note to RFC Editor: Please remove this section and the reference to
   RFC 7942 [RFC7942] before publication.

   [-01 had only "TBD" here; -02 replaces it with the text below.]

   This section records the status of known implementations of the
   protocol defined by this specification at the time of posting of this
   Internet-Draft, and is based on a proposal described in RFC 7942
   [RFC7942].  The description of implementations in this section is
   intended to assist the IETF in its decision processes in progressing
   drafts to RFCs.  Please note that the listing of any individual
   implementation here does not imply endorsement by the IETF.
   Furthermore, no effort has been spent to verify the information
   presented here that was supplied by IETF contributors.  This is not
   intended as, and must not be construed to be, a catalog of available
   implementations or their features.  Readers are advised to note that
   other implementations may exist.

   According to RFC 7942 [RFC7942], "this will allow reviewers and
   working groups to assign due consideration to documents that have the
   benefit of running code, which may serve as evidence of valuable
   experimentation and feedback that have made the implemented protocols
   more mature.  It is up to the individual working groups to use this
   information as they see fit".

7.1.  Verisign EPP SDK

   Organization: Verisign Inc.

   Name: Verisign EPP SDK

   Description: The Verisign EPP SDK includes both a full client
   implementation and a full server stub implementation of draft-ietf-
   regext-login-security.

   Level of maturity: Development

   Coverage: All aspects of the protocol are implemented.

   Licensing: GNU Lesser General Public License

   Contact: jgould@verisign.com

   URL: https://www.verisign.com/en_US/channel-resources/domain-
   registry-products/epp-sdks
8.  Security Considerations

   The extension leaves the password (<pw> element) and new password
   (<newPW> element) minimum length beyond 6 characters and the maximum
   length up to server policy.  The server SHOULD enforce minimum and
   maximum length requirements that are appropriate for its operating
   environment.  One example of a guideline for password length policies
   can be found in section 5 of NIST Special Publication 800-63B [1].
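   As an added example (not code from the draft, nor from the Verisign EPP
   SDK), the following Python shows the server-side handling the
   Introduction describes and this section constrains: when the RFC 5730
   <pw> or <newPW> element carries the "[LOGIN-SECURITY]" marker, the real
   password is taken from the extension, and the resolved value is then
   checked against a length policy that keeps the 6-character floor and
   lets the server set the ceiling.  The marker value (Section 3.2 of the
   draft, only listed in the table of contents above) and the extension
   element names <loginSec:pw> and <loginSec:newPW> are taken from the
   draft's body, which this diff page does not reproduce; the sample
   <login> message, the policy bounds (6 to 128 characters) and the helper
   names are constructed for the example.

```python
"""Resolve the EPP <login> password when the Login Security extension is
present and apply a server length policy.

Added example; not code from the draft or from the Verisign EPP SDK.
Assumed from the draft body, which the diff page does not show: the marker
value "[LOGIN-SECURITY]" in the RFC 5730 <pw>/<newPW> elements and the
extension elements <loginSec:pw> / <loginSec:newPW>.
"""
import xml.etree.ElementTree as ET

EPP_NS = "urn:ietf:params:xml:ns:epp-1.0"                # RFC 5730 namespace
LOGINSEC_NS = "urn:ietf:params:xml:ns:epp:loginSec-0.4"  # per Appendix A.5
MARKER = "[LOGIN-SECURITY]"  # 16 chars, so it fits the RFC 5730 <pw> type


def _q(ns, tag):
    """Clark-notation name ({namespace}tag) for ElementTree lookups."""
    return "{%s}%s" % (ns, tag)


class PasswordPolicy:
    """Server length policy: the extension keeps the RFC 5730 6-character
    minimum; the maximum is server policy (128 is an assumed value)."""

    def __init__(self, min_len=6, max_len=128):
        self.min_len = min_len
        self.max_len = max_len

    def check(self, label, pw):
        if not self.min_len <= len(pw) <= self.max_len:
            raise ValueError("%s length %d outside policy %d..%d"
                             % (label, len(pw), self.min_len, self.max_len))


def _resolve(label, base_value, ext_value):
    """Override rule for one of <pw>/<newPW>: the extension value is used
    only when the base element carries the marker, and the marker requires
    an extension value.  Any other combination is rejected as inconsistent."""
    if base_value == MARKER:
        if ext_value is None:
            raise ValueError("<%s> is %s but the extension has no value" % (label, MARKER))
        return ext_value
    if ext_value is not None:
        raise ValueError("<loginSec:%s> given but <%s> is not %s" % (label, label, MARKER))
    return base_value


def resolve_login_passwords(xml_text, policy=None):
    """Return (password, new_password_or_None) after override and policy checks."""
    policy = policy or PasswordPolicy()
    root = ET.fromstring(xml_text)
    login = root.find("./%s/%s" % (_q(EPP_NS, "command"), _q(EPP_NS, "login")))
    if login is None:
        raise ValueError("not an EPP <login> command")
    ext = root.find("./%s/%s/%s" % (_q(EPP_NS, "command"), _q(EPP_NS, "extension"),
                                    _q(LOGINSEC_NS, "loginSec")))

    def ext_text(tag):
        return ext.findtext(_q(LOGINSEC_NS, tag)) if ext is not None else None

    pw = _resolve("pw", login.findtext(_q(EPP_NS, "pw")), ext_text("pw"))
    new_pw = _resolve("newPW", login.findtext(_q(EPP_NS, "newPW")), ext_text("newPW"))
    if pw is None:
        raise ValueError("<pw> is required")
    policy.check("pw", pw)
    if new_pw is not None:
        policy.check("newPW", new_pw)
    return pw, new_pw


def build_login(pw, ext_pw=None, new_pw=None, ext_new=None):
    """Constructed sample <login> for the example (not a captured message;
    values are inserted verbatim, so use plain ASCII test values only)."""
    new_el = "<newPW>%s</newPW>" % new_pw if new_pw is not None else ""
    parts = []
    if ext_pw is not None:
        parts.append("<loginSec:pw>%s</loginSec:pw>" % ext_pw)
    if ext_new is not None:
        parts.append("<loginSec:newPW>%s</loginSec:newPW>" % ext_new)
    ext = ""
    if parts:
        ext = ('<extension><loginSec:loginSec xmlns:loginSec="%s">%s'
               '</loginSec:loginSec></extension>' % (LOGINSEC_NS, "".join(parts)))
    return ('<epp xmlns="%s"><command><login><clID>ClientX</clID><pw>%s</pw>%s'
            '<options><version>1.0</version><lang>en</lang></options>'
            '<svcs><objURI>urn:ietf:params:xml:ns:domain-1.0</objURI></svcs>'
            '</login>%s<clTRID>ABC-12345</clTRID></command></epp>'
            % (EPP_NS, pw, new_el, ext))


def rejects(xml_text, policy=None):
    """True when the login is refused (inconsistent override or policy breach)."""
    try:
        resolve_login_passwords(xml_text, policy)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    long_pw = "correct horse battery staple, well past sixteen characters"
    print(resolve_login_passwords(build_login(MARKER, ext_pw=long_pw)))
```

   The example treats a marker without an extension value, and an
   extension value without the marker, as errors; that is the
   conservative reading of the override rule, and the draft's normative
   text for those cases is not on this page.  The policy object is the
   place to plug in the server's own bounds, for instance ones derived
   from the NIST SP 800-63B guidance cited above.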
   [unchanged text omitted by rfcdiff; resumes at page 20, line 7 (-01) / page 21, line 5 (-02)]

A.5.  Change from REGEXT 00 to REGEXT 01

   Changed the <loginSec:userAgent> element to be structured with the
   <loginSec:app>, <loginSec:tech>, and <loginSec:os> sub-elements.
   This was based on the feedback from Martin Casanova.  This resulted
   in the need to change the XML namespace from
   urn:ietf:params:xml:ns:epp:loginSec-0.3 to
   urn:ietf:params:xml:ns:epp:loginSec-0.4.

A.6.  Change from REGEXT 01 to REGEXT 02  [new in -02]

   Updated the Implementation Status section from "TBD" to include the
   Verisign EPP SDK implementation.
Authors' Addresses

   James Gould
   VeriSign, Inc.
   12061 Bluemont Way
   Reston, VA 20190
   US

   Email: jgould@verisign.com
   URI:   http://www.verisign.com
End of changes.  7 change blocks.
16 lines changed or deleted    62 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/