Technical Summary
The Extensible Provisioning Protocol (EPP) includes a client
authentication scheme that is based on a user identifier and password.
The structure of the password field is defined by an XML Schema data type
that specifies minimum and maximum password length values, but there are
no other provisions for password management other than changing the
password. This document describes an EPP extension that allows longer
passwords to be created and adds additional security features to the EPP
login command and response.
Working Group Summary
The WG discussed this topic in both mailing list and at meetings; there
are no controversies or lack of coverage. The working group agreed to
submit this draft for publication on the Standards Track. There were
several in-depth discussions on password complexity and its indicator
‘[LOGIN-SECURITY]’. The WG reached consensus on the approach.
Document Quality
There is one registry implementation captured in the Implementation Status section.
Personnel
Shepherd: Joseph Yee <jyee@afilias.info>
AD: Barry Leiba