Hollenbeck, Scott | 18 Aug 13:16 2009

EPP Server Implementer Help Needed

I still need info from one server implementer that is willing to be
included in an implementation report and confirm that they have
implemented the TLS client identification features described in section
9 of 4934bis.  Specifically:

1. TLS implementations are REQUIRED to support the mandatory cipher
suite specified in the implemented version:

2. Mutual client and server authentication using the TLS Handshake
Protocol is REQUIRED.

3. Signatures on the complete certification path for both client machine
and server machine MUST be validated as part of the TLS handshake.

4. Information included in the client and server certificates, such as
validity periods and machine names, MUST also be validated.

5. EPP service MUST NOT be granted until successful completion of a TLS
handshake and certificate validation

Most of these come for free with a good TLS toolkit.  Are there any
server implementers willing to confirm that they've implemented these
features?  I've already confirmed that VeriSign has implemented these
features.

-Scott-

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
List run by majordomo software.  For (Un-)subscription and similar details
send "help" to ietf-provreg-request <at> cafax.se
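
The requirements listed in the message above, as an added example that is not part of the thread or of any participant's server. Python's `ssl` module enforces items 2 and 3 during the handshake, while the client machine-name check in item 4 and the gate in item 5 are left to the application. The allow-list, host names and sample certificate are constructed assumptions.

```python
import ssl
import time

# Hypothetical allow-list of registrar client machine names (constructed).
ALLOWED_CLIENTS = {"epp-client.registrar.example"}

def make_server_context(certfile=None, keyfile=None, cafile=None):
    """Items 2-3: the handshake fails unless the client cert chains to cafile."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.verify_mode = ssl.CERT_REQUIRED
    if cafile:
        ctx.load_verify_locations(cafile)
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    return ctx

def client_names(peercert):
    """Lower-cased DNS names from the dict returned by SSLSocket.getpeercert()."""
    names = {v.lower() for k, v in peercert.get("subjectAltName", ()) if k == "DNS"}
    if not names:  # fall back to the subject CN only when no SAN is present
        for rdn in peercert.get("subject", ()):
            names.update(v.lower() for k, v in rdn if k == "commonName")
    return names

def may_send_greeting(peercert, now=None):
    """Items 4-5: check validity period and machine name before any EPP service."""
    if not peercert:  # None or {}: no validated client certificate
        return False
    now = time.time() if now is None else now
    try:
        start = ssl.cert_time_to_seconds(peercert["notBefore"])
        end = ssl.cert_time_to_seconds(peercert["notAfter"])
    except (KeyError, ValueError):
        return False
    if not start <= now <= end:
        return False
    return bool(client_names(peercert) & ALLOWED_CLIENTS)

# Constructed sample in getpeercert() format.
SAMPLE_CERT = {
    "subject": ((("commonName", "epp-client.registrar.example"),),),
    "subjectAltName": (("DNS", "EPP-Client.Registrar.Example"),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2026 GMT",
}
```

In a server loop, call `may_send_greeting(conn.getpeercert())` once `ctx.wrap_socket(sock, server_side=True)` has returned, and close the connection without sending the EPP greeting when it returns `False`.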

Francisco Obispo | 18 Aug 17:59 2009

Re: EPP Server Implementer Help Needed

Hi Scott,

Although this comment might seem odd, I was wondering, why the TLS  
feature is required.

When I was in charge of .VE we decided not to include any encryption/ 
auth features besides regular user/pass simple auth.

Later on, we decided to use SSL/TLS tunneling with a separate
software package, that will provide the encryption services. At first
we used ssh, but stunnel turned out to be a better solution.
If we were to require stronger encryption, we could start by
introducing other software packages, but taking the complications
outside of the EPP implementation...

I don't know if using third party software will comply with this
requirement, because if it does, then it might be a good idea to  
switch to that instead.

Regards

Francisco

On Aug 18, 2009, at 6:46 AM, Hollenbeck, Scott wrote:

> I still need info from one server implementer that is willing to be
> included in an implementation report and confirm that they have
> implemented the TLS client identification features described in  
> section
> 9 of 4934bis.  Specifically:

Hollenbeck, Scott | 18 Aug 18:45 2009

RE: EPP Server Implementer Help Needed

TLS was selected because it was thought to provide the best fit for the requirements identified in RFC 3375.

-Scott- 

> -----Original Message-----
> From: Francisco Obispo [mailto:fobispo <at> nic.ve] 
> Sent: Tuesday, August 18, 2009 11:59 AM
> To: Hollenbeck, Scott
> Cc: ietf-provreg <at> cafax.se
> Subject: Re: [ietf-provreg] EPP Server Implementer Help Needed
> 
> Hi Scott,
> 
> Although this comment might seem odd, I was wondering, why 
> the TLS feature is required.
> 
> When I was in charge of .VE we decided not to include any 
> encryption/ auth features besides regular user/pass simple auth.
> 
> Later on, we decided to use SSL/TLS tunneling with a 
> separate software package, that will provide the encryption 
> services. At first we used ssh, but stunnel turned out to be 
> a better solution.
> If we were to require stronger encryption, we could start by 
> introducing other software packages, but taking the 
> complications outside of the EPP implementation...
> 
> I don't know if using third party software will comply with 
> this requirement, because if it does, then it might be a good 
> idea to switch to that instead.

Frederico A C Neves | 19 Aug 16:59 2009

Re: EPP Server Implementer Help Needed

Scott,

On Tue, Aug 18, 2009 at 07:16:48AM -0400, Hollenbeck, Scott wrote:
> I still need info from one server implementer that is willing to be
> included in an implementation report and confirm that they have
> implemented the TLS client identification features described in section
> 9 of 4934bis.  Specifically:
> 
> 1. TLS implementations are REQUIRED to support the mandatory cipher
> suite specified in the implemented version:
> 
> 2. Mutual client and server authentication using the TLS Handshake
> Protocol is REQUIRED.
> 
> 3. Signatures on the complete certification path for both client machine
> and server machine MUST be validated as part of the TLS handshake.
> 
> 4. Information included in the client and server certificates, such as
> validity periods and machine names, MUST also be validated.
> 
> 5. EPP service MUST NOT be granted until successful completion of a TLS
> handshake and certificate validation
> 
> Most of these come for free with a good TLS toolkit.  Are there any
> server implementers willing to confirm that they've implemented these
> features?  I've already confirmed that VeriSign has implemented these
> features.

I could confirm that our server does implement all these features.


Hollenbeck, Scott | 19 Aug 17:28 2009

RE: EPP Server Implementer Help Needed

Great - thanks!  Can you tell me how you would want to see your server
implementation identified in the implementation report?

-Scott- 

> -----Original Message-----
> From: owner-ietf-provreg <at> cafax.se 
> [mailto:owner-ietf-provreg <at> cafax.se] On Behalf Of Frederico A C Neves
> Sent: Wednesday, August 19, 2009 10:59 AM
> To: ietf-provreg <at> cafax.se
> Subject: Re: [ietf-provreg] EPP Server Implementer Help Needed
> 
> Scott,
> 
> On Tue, Aug 18, 2009 at 07:16:48AM -0400, Hollenbeck, Scott wrote:
> > I still need info from one server implementer that is willing to be 
> > included in an implementation report and confirm that they have 
> > implemented the TLS client identification features described in 
> > section
> > 9 of 4934bis.  Specifically:
> > 
> > 1. TLS implementations are REQUIRED to support the mandatory cipher 
> > suite specified in the implemented version:
> > 
> > 2. Mutual client and server authentication using the TLS Handshake 
> > Protocol is REQUIRED.
> > 
> > 3. Signatures on the complete certification path for both client 
> > machine and server machine MUST be validated as part of the 
> > TLS handshake.

Frederico A C Neves | 19 Aug 18:22 2009

Re: EPP Server Implementer Help Needed

On Wed, Aug 19, 2009 at 11:28:36AM -0400, Hollenbeck, Scott wrote:
> Great - thanks!  Can you tell me how you would want to see your server
> implementation identified in the implementation report?

Registro.br

> -Scott- 

Fred

Hollenbeck, Scott | 20 Aug 14:32 2009

FW: Protocol Action: 'Extensible Provisioning Protocol (EPP) Transport over TCP' to Full Standard

4934bis has been approved by the IESG.  That's the last of the document
updates for Full Standard.  An updated implementation report can be
found here:

http://www.ietf.org/iesg/implementation/report-rfc4930-4934.txt

Thanks to everyone who helped move this forward.

-Scott-

-----Original Message-----
From: ietf-announce-bounces <at> ietf.org
[mailto:ietf-announce-bounces <at> ietf.org] On Behalf Of The IESG
Sent: Wednesday, August 19, 2009 4:01 PM
To: IETF-Announce
Cc: Internet Architecture Board; RFC Editor
Subject: Protocol Action: 'Extensible Provisioning Protocol (EPP)
Transport over TCP' to Full Standard

The IESG has approved the following document:

- 'Extensible Provisioning Protocol (EPP) Transport over TCP '
   <draft-hollenbeck-rfc4934bis-01.txt> as a Full Standard

This document has been reviewed in the IETF but is not the product of an
IETF Working Group. 

The IESG contact person is Alexey Melnikov.

A URL of this Internet-Draft is:

Patrick Mevzek | 20 Aug 16:14 2009

Re: FW: Protocol Action: 'Extensible Provisioning Protocol (EPP) Transport over TCP' to Full Standard

Hello Scott,

Hollenbeck, Scott <shollenbeck <at> verisign.com> 2009-08-20 15:10
> 4934bis has been approved by the IESG.  That's the last of the document
> updates for Full Standard.  An updated implementation report can be
> found here:
> 
> http://www.ietf.org/iesg/implementation/report-rfc4930-4934.txt
> 
> Thanks to everyone who helped move this forward.

Thanks for your work.

If it is still possible (and if not that is no big deal), can you
make the following changes:
- use the From: email address used here for me in the document

and for EPP TLDs:
- update .FR as it is used in production now (since March)
(I do not know for .SI, I think they are in production too,
same for .NO)
- add: .NL (being developed)
- add: .IT
- add: .CO.CZ (status unknown)

--

-- 
Patrick Mevzek
Dot and Co <http://www.dotandco.com/> <http://www.dotandco.net/>

Hollenbeck, Scott | 20 Aug 17:01 2009

RE: FW: Protocol Action: 'Extensible Provisioning Protocol (EPP) Transport over TCP' to Full Standard

I just sent an updated report to the Secretariat for posting.

-Scott- 

> -----Original Message-----
> From: owner-ietf-provreg <at> cafax.se 
> [mailto:owner-ietf-provreg <at> cafax.se] On Behalf Of Patrick Mevzek
> Sent: Thursday, August 20, 2009 10:14 AM
> To: ietf-provreg <at> cafax.se
> Subject: Re: [ietf-provreg] FW: Protocol Action: 'Extensible 
> Provisioning Protocol (EPP) Transport over TCP' to Full Standard
> 
> Hello Scott,
> 
> Hollenbeck, Scott <shollenbeck <at> verisign.com> 2009-08-20 15:10
> > 4934bis has been approved by the IESG.  That's the last of the 
> > document updates for Full Standard.  An updated 
> > implementation report 
> > can be found here:
> > 
> > http://www.ietf.org/iesg/implementation/report-rfc4930-4934.txt
> > 
> > Thanks to everyone who helped move this forward.
> 
> Thanks for your work.
> 
> If it is still possible (and if not that is no big deal), can 
> you make the following changes:
> - use the From: email address used here for me in the document
> 

Francisco Obispo | 20 Aug 18:31 2009

Re: FW: Protocol Action: 'Extensible Provisioning Protocol (EPP) Transport over TCP' to Full Standard

Congratulations!!

Good job!

Francisco

On Aug 20, 2009, at 8:02 AM, Hollenbeck, Scott wrote:

> 4934bis has been approved by the IESG.  That's the last of the  
> document
> updates for Full Standard.  An updated implementation report can be
> found here:
>
> http://www.ietf.org/iesg/implementation/report-rfc4930-4934.txt
>
> Thanks to everyone who helped move this forward.
>
> -Scott-
>
> -----Original Message-----
> From: ietf-announce-bounces <at> ietf.org
> [mailto:ietf-announce-bounces <at> ietf.org] On Behalf Of The IESG
> Sent: Wednesday, August 19, 2009 4:01 PM
> To: IETF-Announce
> Cc: Internet Architecture Board; RFC Editor
> Subject: Protocol Action: 'Extensible Provisioning Protocol (EPP)
> Transport over TCP' to Full Standard
>
> The IESG has approved the following document:
>