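%% You should probably cite rfc9154 instead of this I-D.
%% This entry describes revision 06 of the Internet-Draft, which is marked
%% "Work in Progress" in the note field.
%% Authors are given in "Last, First" form. In the title only the protocol
%% name and its acronym are brace-protected, so a bibliography style can
%% still apply its own casing to the remaining words.
@techreport{ietf-regext-secure-authinfo-transfer-06,
  author      = {Gould, James and Wilhelm, Richard},
  title       = {{Extensible Provisioning Protocol} ({EPP}) Secure Authorization Information for Transfer},
  type        = {Internet-Draft},
  number      = {draft-ietf-regext-secure-authinfo-transfer-06},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2021,
  month       = mar,
  day         = 8,
  pagetotal   = 30,
  note        = {Work in Progress},
  url         = {https://datatracker.ietf.org/doc/draft-ietf-regext-secure-authinfo-transfer/06/},
  abstract    = {The Extensible Provisioning Protocol (EPP), in RFC 5730,
                 defines the use of authorization information to authorize a
                 transfer. Object-specific, password-based authorization
                 information (see RFC 5731 and RFC 5733) is commonly used, but
                 raises issues related to the security, complexity, storage,
                 and lifetime of authentication information. This document
                 defines an operational practice, using the EPP RFCs, that
                 leverages the use of strong random authorization information
                 values that are short-lived, not stored by the client, and
                 stored by the server using a cryptographic hash that provides
                 for secure authorization information that can safely be used
                 for object transfers.},
}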