Extensible Provisioning Protocol Secure Authorization Information for Transfer
RFC 9154, “Extensible Provisioning Protocol Secure Authorization Information for Transfer”, is a Proposed Standard document published in December 2021 by J. Gould and R. Wilhelm. The canonical text is published by the RFC Editor.
Abstract
The Extensible Provisioning Protocol (EPP) (RFC 5730) defines the use of authorization information to authorize a transfer of an EPP object, such as a domain name, between clients that are referred to as "registrars". Object-specific, password-based authorization information (see RFCs 5731 and 5733) is commonly used but raises issues related to the security, complexity, storage, and lifetime of authentication information. This document defines an operational practice, using the EPP RFCs, that leverages the use of strong random authorization information values that are short lived, not stored by the client, and stored by the server using a cryptographic hash that provides for secure authorization information that can safely be used for object transfers.
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 9154 is hosted at rfc-editor.org. Available in HTML, TXT, PDF, and XML.