{"draft":"draft-ietf-regext-secure-authinfo-transfer-07","doc_id":"RFC9154","title":"Extensible Provisioning Protocol (EPP) Secure Authorization Information for Transfer","authors":["J. Gould","R. Wilhelm"],"format":["HTML","TEXT","PDF","XML"],"page_count":"22","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"Registration Protocols Extensions","abstract":"The Extensible Provisioning Protocol (EPP) (RFC 5730) defines the use\r\nof authorization information to authorize a transfer of an EPP\r\nobject, such as a domain name, between clients that are referred to\r\nas \"registrars\". Object-specific, password-based authorization\r\ninformation (see RFCs 5731 and 5733) is commonly used but raises\r\nissues related to the security, complexity, storage, and lifetime of\r\nauthentication information. This document defines an operational\r\npractice, using the EPP RFCs, that leverages the use of strong random\r\nauthorization information values that are short lived, not stored by\r\nthe client, and stored by the server using a cryptographic hash that\r\nprovides for secure authorization information that can safely be used\r\nfor object transfers.","pub_date":"December 2021","keywords":["EPP","authinfo","random","short-lived","strong","storing","securely"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC9154","errata_url":null}