This set of documents advances EPP to Standard. References
have been updated and non-normative text updates have been made.
Some clarifications on TLS server sertificate verification were done.
Working Group Summary
This is the product of an individual submitter, though the working
group mailing list of PROVREG (now closed) was used to review the
updates to the documents.
Issues raised by AD review were addressed.
There are multiple implementations of the protocol, as described in the
Edward Lewis is the document shepherd for this series
(draft-hollenbeck-rfc493*bis) of documents.
Alexey Melnikov is the responsible Area Director.
RFC Editor note:
In Section 9, insert a new paragraph after the paragraph starting with
"If the server identity check fails". (The new paragraph would be
3rd to the last):
During the TLS negotiation, the EPP server MUST verify that the client
certificate matches the reference identity previously negotiated out
of band, as specified in section 8. The server should match the entire
subject name or the subjectAltName as described in RFC 5280. The server
MAY enforce other restrictions on the subjectAltName, for example if it
knows that a particular client is always connecting from a particular