Dear Sirs,

I would like to thank you for all the comments and suggestions and would like to summarize them in one email. I believe that this solution will already be accepted. Of course, we will inform you about the implementation of the changes in time and we will first deploy them in the test environment, as usual.

1. TTL setting

We will set the TTL to 14 days.

2. Possibility to set AuthInfo by registrar

Yes, we will enable this within the "Update" object command. We will leave the strength of the password itself to each registrar; we assume that within their applications they determine the strength of the password themselves and that it will be appropriate. After deployment, we will analyze the quality of the entered passwords and, if it turns out to be unsatisfactory, we will return to setting the password quality. At the same time, we will publish the restrictions which are used for generating passwords by CZ.NIC. We will send the sent AuthInfo and insert it into the system with the appropriate TTL. We will not send password information as such to the owner of the object; it is up to the registrar.

3. AuthInfo authentication by registrar

Yes, we will implement this so that if (any) registrar sends AuthInfo as part of the "info" query (for any object), then if AuthInfo is correct, the object data is returned; if AuthInfo is bad (or ungenerated), an error 2202 - Invalid authorization information - is returned.

4. Send a hash if AuthInfo exists

We will not implement this - the password hash will be salted, so the password cannot be verified from it; in addition, it will be done via the "Info" command.

5. Regeneration of AuthInfo after info query

We will not perform it - it would not make sense if we want to enable password verification via Info query; its preservation will allow two operations of data acquisition - transfer under one AuthInfo, and security is solved by TTL.


We will adjust the relevant document describing the changes according to the modifications listed here.

Thank you and kind regards

Marketa Kusickova

-- 
Markéta Kušičková
CZ.NIC, z.s.p.o.
Milešovská 5
130 00 Praha 3
M +420 603 826 732



On 05. 04. 22 at 19:59, Markéta Kušičková wrote:

Dear Sirs,

during the end of Q2, resp. at the beginning of Q3, we plan to implement changes in the way AuthInfo is created and saved. The draft of the system is in the attached document.

You should be affected by the change in the following situations:

- it will no longer be possible for you to keep AuthInfo in your systems for a long time and it will not be possible for you to enter or change them using EPP

- it will not be possible to read them in the EPP info command, not even for your own objects.

Please study the attached document and if you feel that it may limit you significantly or you find some aspects that we did not mention and may hinder the implementation of the proposed change, let me know.

If we do not receive any comments from you, we will work on the implementation, otherwise we will try to solve the problems so that the new situation suits all involved.

Thank you and kind regards

Marketa Kusickova

-- 
Markéta Kušičková
CZ.NIC, z.s.p.o.
Milešovská 5
130 00 Praha 3
M +420 603 826 732
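
A minimal model of the behaviour summarized in points 1 to 5 of the reply above, added here as an illustration and not CZ.NIC's implementation. Assumptions: the class and function names are hypothetical, PBKDF2-HMAC-SHA256 stands in for the unspecified salted hash, 1000 is the generic EPP success code from RFC 5730, and the handle, password and date are constructed sample values.

```python
import hashlib
import hmac
import os
from datetime import datetime, timedelta, timezone

TTL = timedelta(days=14)        # point 1: AuthInfo lifetime
EPP_OK = 1000                   # RFC 5730: command completed successfully
EPP_INVALID_AUTHINFO = 2202     # point 3: Invalid authorization information


def _hash(password: str, salt: bytes) -> bytes:
    # Assumption: PBKDF2-HMAC-SHA256; the e-mail only says "salted hash".
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AuthInfoStore:
    """Hypothetical registry-side store: handle -> (salt, hash, expiry)."""
    def __init__(self):
        self._records = {}

    def set_authinfo(self, handle, password, now):
        # Point 2: registrar sets AuthInfo via "update"; only salt and hash
        # are kept, so the plaintext cannot be read back (point 4).
        salt = os.urandom(16)
        self._records[handle] = (salt, _hash(password, salt), now + TTL)

    def check(self, handle, password, now):
        # Points 3 and 5: verify on "info" without regenerating the AuthInfo.
        record = self._records.get(handle)
        if record is None:                  # never generated
            return EPP_INVALID_AUTHINFO
        salt, stored, expires = record
        if now >= expires:                  # TTL elapsed: drop the record
            del self._records[handle]
            return EPP_INVALID_AUTHINFO
        ok = hmac.compare_digest(stored, _hash(password, salt))
        return EPP_OK if ok else EPP_INVALID_AUTHINFO


def demo():
    t0 = datetime(2022, 6, 1, tzinfo=timezone.utc)   # constructed date
    store = AuthInfoStore()
    store.set_authinfo("example.cz", "constructed-Passw0rd", t0)
    return [
        store.check("example.cz", "constructed-Passw0rd", t0),  # info
        store.check("example.cz", "constructed-Passw0rd",
                    t0 + timedelta(days=1)),   # later transfer, same AuthInfo
        store.check("example.cz", "wrong-guess", t0),
        store.check("other.cz", "anything", t0),                # ungenerated
        store.check("example.cz", "constructed-Passw0rd", t0 + TTL),
    ]
```

Ungenerated, wrong and expired AuthInfo all map to the same 2202 result, so the response does not reveal which of the three cases applied.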








_______________________________________________
Reg-zahr mailing list -- reg-zahr@lists.nic.cz