RFC 9154

Extensible Provisioning Protocol (EPP) Secure Authorization Information for Transfer, December 2021

Status: PROPOSED STANDARD
Authors: J. Gould, R. Wilhelm
Stream: IETF
Source: regext (art)

DOI:  10.17487/RFC9154

Discuss this RFC: Send questions or comments to regext@ietf.org


Abstract

The Extensible Provisioning Protocol (EPP) (RFC 5730) defines the use of authorization information to authorize a transfer of an EPP object, such as a domain name, between clients that are referred to as "registrars". Object-specific, password-based authorization information (see RFCs 5731 and 5733) is commonly used but raises issues related to the security, complexity, storage, and lifetime of authentication information. This document defines an operational practice, using the EPP RFCs, that leverages the use of strong random authorization information values that are short lived, not stored by the client, and stored by the server using a cryptographic hash that provides for secure authorization information that can safely be used for object transfers.


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 8729.