UNLIMITED FREE ACCESS TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Select Your Free Newsletters

Industry Newsletters

Select Your Free Product Alerts

Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

IETF - RFC 9154

Extensible Provisioning Protocol (EPP) Secure Authorization Information for Transfer

active, Most Current
Organization: IETF
Publication Date: 1 December 2021
Status: active
Page Count: 22
scope:

Abstract

The Extensible Provisioning Protocol (EPP) (RFC 5730) defines the use of authorization information to authorize a transfer of an EPP object, such as a domain name, between clients that are referred to as "registrars". Object-specific, password-based authorization information (see RFCs 5731 and 5733) is commonly used but raises issues related to the security, complexity, storage, and lifetime of authentication information. This document defines an operational practice, using the EPP RFCs, that leverages the use of strong random authorization information values that are short lived, not stored by the client, and stored by the server using a cryptographic hash that provides for secure authorization information that can safely be used for object transfers.

Document History

RFC 9154
December 1, 2021
Extensible Provisioning Protocol (EPP) Secure Authorization Information for Transfer
Abstract The Extensible Provisioning Protocol (EPP) (RFC 5730) defines the use of authorization information to authorize a transfer of an EPP object, such as a domain name, between clients that are...

References

This document references:
FIPS PUB 180 - Secure Hash Standard (SHS)
Published by NPFC on March 1, 2012
This standard specifies hash algorithms that can be used to generate digests of messages. The digests are used to detect whether messages have been changed since the digests were generated.
This document references:
IETF RFC 5730 - Extensible Provisioning Protocol (EPP)
Published by IETF on August 1, 2009
A description is not available for this item.
This document references:
IETF RFC 5731 - Extensible Provisioning Protocol (EPP) Domain Name Mapping
Published by IETF on August 1, 2009
A description is not available for this item.
This document references:
IETF RFC 5733 - Extensible Provisioning Protocol (EPP) Contact Mapping
Published by IETF on August 1, 2009
A description is not available for this item.
This document references:
IETF RFC 5734 - Extensible Provisioning Protocol (EPP) Transport over TCP
Published by IETF on August 1, 2009
A description is not available for this item.
This document references:
IETF RFC 7451 - Extension Registry for the Extensible Provisioning Protocol
Published by IETF on February 1, 2015
The Extensible Provisioning Protocol (EPP) includes features to add functionality by extending the protocol. It does not, however, describe how those extensions are managed. This document describes a...
View Less
View All
Advertisement