Skip to main content

Extensible Provisioning Protocol (EPP) Secure Authorization Information for Transfer
RFC 9154

Approval announcement
Draft of message to be sent after approval:


From: The IESG <>
To: IETF-Announce <>
Cc: Jody Kolker <>, The IESG <>,,,,,,
Subject: Protocol Action: 'Extensible Provisioning Protocol (EPP) Secure Authorization Information for Transfer' to Proposed Standard (draft-ietf-regext-secure-authinfo-transfer-07.txt)

The IESG has approved the following document:
- 'Extensible Provisioning Protocol (EPP) Secure Authorization
   Information for Transfer'
  (draft-ietf-regext-secure-authinfo-transfer-07.txt) as Proposed Standard

This document is the product of the Registration Protocols Extensions Working

The IESG contact persons are Murray Kucherawy and Francesca Palombini.

A URL of this Internet Draft is:

Ballot Text

Technical Summary

This document defines an operational practice, using the EPP RFCs, that
leverages the use of strong random authorization information values that
are short-lived, that are not stored by the client, and that are stored
using a cryptographic hash by the server to provide for secure
authorization information used for transfers.

Working Group Summary

The document has been discussed within the regext working group with the
authors addressing all comments by incorporating agreed upon changes
into the document.  There was nothing worthy of noting during the WG

Document Quality

CentralNic has a working implementation in their production environment
as well as two other gTLD registry systems, and two ccTLD registry
systems.  Verisign has implemented a full client and server stub


Document Shepherd is Jody Kolker.
Area Director is Murray Kucherawy.

RFC Editor Note