Login Security Extension for the Extensible Provisioning Protocol (EPP)
draft-ietf-regext-login-security-10

• Status
• IESG evaluation record
• IESG writeups
• Email expansions
• History

Approval announcement
Draft of message to be sent after approval:

Announcement

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: Joseph Yee <jyee@afilias.info>, barryleiba@gmail.com, regext@ietf.org, rfc-editor@rfc-editor.org, regext-chairs@ietf.org, draft-ietf-regext-login-security@ietf.org, The IESG <iesg@ietf.org>, jyee@afilias.info
Subject: Protocol Action: 'Login Security Extension for the Extensible Provisioning Protocol (EPP)' to Proposed Standard (draft-ietf-regext-login-security-10.txt)

The IESG has approved the following document:
- 'Login Security Extension for the Extensible Provisioning Protocol
   (EPP)'
  (draft-ietf-regext-login-security-10.txt) as Proposed Standard

This document is the product of the Registration Protocols Extensions Working
Group.

The IESG contact persons are Adam Roach, Alexey Melnikov and Barry Leiba.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-regext-login-security/

Ballot Text

Technical Summary
The Extensible Provisioning Protocol (EPP) includes a client
authentication scheme that is based on a user identifier and password. 
The structure of the password field is defined by an XML Schema data type
that specifies minimum and maximum password length values, but there are
no other provisions for password management other than changing the
password.  This document describes an EPP extension that allows longer
passwords to be created and adds additional security features to the EPP
login command and response.


Working Group Summary
The WG discussed this topic in both mailing list and at meetings; there
are no controversies or lack of coverage.  The working group agreed to
submit this draft for publication on the Standards Track.  There were
several in-depth discussions on password complexity and its indicator
‘[LOGIN-SECURITY]’.  The WG reached consensus on the approach.

Document Quality
There is one registry implementation captured in the Implementation Status section. 

Personnel
Shepherd: Joseph Yee <jyee@afilias.info>
AD: Barry Leiba

RFC Editor Note