RFC 9154
Extensible Provisioning Protocol (EPP) Secure Authorization Information for Transfer, December 2021
- Status: PROPOSED STANDARD
- Authors: J. Gould, R. Wilhelm
- Stream: IETF
- Source: regext (art)
DOI: https://doi.org/10.17487/RFC9154
Discuss this RFC: Send questions or comments to the mailing list regext@ietf.org
Abstract
The Extensible Provisioning Protocol (EPP) (RFC 5730) defines the use of authorization information to authorize a transfer of an EPP object, such as a domain name, between clients that are referred to as "registrars". Object-specific, password-based authorization information (see RFCs 5731 and 5733) is commonly used but raises issues related to the security, complexity, storage, and lifetime of authentication information. This document defines an operational practice, using the EPP RFCs, that leverages the use of strong random authorization information values that are short lived, not stored by the client, and stored by the server using a cryptographic hash that provides for secure authorization information that can safely be used for object transfers.
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 8729.