headers
Hollenbeck, Scott | 21 Jul 2009 13:23
Picon
Favicon

EPP Implementation Report Help Needed

At the IESG's request, I need to find a few volunteers that are willing
to describe their EPP client implementation experience as part of an
effort to update the existing implementation report for the protocol.
I've been asked to confirm that clients and servers are performing
additional certificate identity validation steps that are described in
4934bis [1].  Both of the clients used in the original report (Key
Systems and DotRegistrar) appear to be unreachable now, so I need to
find others to complete the matrix.

I need to find two independently-developed client and server
implementations that can confirm that they are performing the checks and
that everything works OK.  I'll take care of updating the report.

Can anyone help?

-Scott-

[1] See section 9 of 4934bis, "the EPP client MUST check its
understanding of the server server name/IP address against the server's
identity as presented in the server Certificate message in order to
prevent man-in-the-middle attacks".  The need is to confirm that both
clients and servers are validating each other's identity as described in
the new certificate processing text.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
List run by majordomo software.  For (Un-)subscription and similar details
send "help" to ietf-provreg-request <at> cafax.se
Permalink | Reply |
headers
Hollenbeck, Scott | 28 Jul 2009 14:21
Picon
Favicon

RE: EPP Implementation Report Help Needed

> -----Original Message-----
> From: owner-ietf-provreg <at> cafax.se 
> [mailto:owner-ietf-provreg <at> cafax.se] On Behalf Of Hollenbeck, Scott
> Sent: Tuesday, July 21, 2009 7:24 AM
> To: ietf-provreg <at> cafax.se
> Cc: Alexey Melnikov
> Subject: [ietf-provreg] EPP Implementation Report Help Needed
> 
> At the IESG's request, I need to find a few volunteers that 
> are willing to describe their EPP client implementation 
> experience as part of an effort to update the existing 
> implementation report for the protocol.
> I've been asked to confirm that clients and servers are 
> performing additional certificate identity validation steps 
> that are described in 4934bis [1].  Both of the clients used 
> in the original report (Key Systems and DotRegistrar) appear 
> to be unreachable now, so I need to find others to complete 
> the matrix.
> 
> I need to find two independently-developed client and server 
> implementations that can confirm that they are performing the 
> checks and that everything works OK.  I'll take care of 
> updating the report.
> 
> Can anyone help?
> 
> -Scott-
> 
> [1] See section 9 of 4934bis, "the EPP client MUST check its 
> understanding of the server server name/IP address against
(Continue reading)

Permalink | Reply |
headers
James | 28 Jul 2009 14:58
Picon

Re: EPP Implementation Report Help Needed

Hi all,

I completed a third year project in 2007 on ENUM the results of which  
are a research report and a half finished provisoning tool. The tool  
was never finshed due to the lack of a repository to test against, but  
it took the form of an J2EE ear apllication with a web interface for  
the user. I have since considerd revisiting this project and finishing  
the implementation. I dont know if this is any use to you, since I  
think you are after feedback from a working implementation, however I  
would gladly give you the research report if it would help. If there  
is a need for another provisioning tool to complement existing  
solutions, I would be willing to reopen the project and provide one. I  
would need help from the community to establish what they would like  
from a tool.

I don't if any of this useful to you, but there it is anyway.

Regards,

James Cranwell-Ward

On 28 Jul 2009, at 13:21, "Hollenbeck, Scott"  
<shollenbeck <at> verisign.com> wrote:

>> -----Original Message-----
>> From: owner-ietf-provreg <at> cafax.se
>> [mailto:owner-ietf-provreg <at> cafax.se] On Behalf Of Hollenbeck, Scott
>> Sent: Tuesday, July 21, 2009 7:24 AM
>> To: ietf-provreg <at> cafax.se
>> Cc: Alexey Melnikov
(Continue reading)

Permalink | Reply |
headers
Frederico A C Neves | 28 Jul 2009 14:53
Picon
Favicon

Re: EPP Implementation Report Help Needed

Hi Scott,

On Tue, Jul 28, 2009 at 08:21:48AM -0400, Hollenbeck, Scott wrote:
...
> Asking again as I haven't seen any replies.  I *really* need some help
> from two client-side implementers.  Ed Lewis is looking into the NeuStar
> server implementation.  I've sent a note to Ram Mohan of Afilias and I'm
> waiting for a response from him as well.
> 
> If there's anyone from either Key Systems or DotRegistrar that's still
> reading this list, would you please get back to me?  Info from any other
> clients would also be useful, so please - if you're a client-side
> implementer, I could really use your help!

We could help with our client[1]

> 
> -Scott-
> 

Fred

[1] http://registro.br/epp/index-EN.html
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
List run by majordomo software.  For (Un-)subscription and similar details
send "help" to ietf-provreg-request <at> cafax.se
Permalink | Reply |
headers
Hollenbeck, Scott | 28 Jul 2009 15:07
Picon
Favicon

RE: EPP Implementation Report Help Needed

> -----Original Message-----
> From: Frederico A C Neves [mailto:fneves <at> registro.br] 
> Sent: Tuesday, July 28, 2009 8:54 AM
> To: Hollenbeck, Scott
> Cc: ietf-provreg <at> cafax.se; Alexey Melnikov
> Subject: Re: [ietf-provreg] EPP Implementation Report Help Needed
> 
> Hi Scott,
> 
> On Tue, Jul 28, 2009 at 08:21:48AM -0400, Hollenbeck, Scott wrote:
> ...
> > Asking again as I haven't seen any replies.  I *really* 
> need some help 
> > from two client-side implementers.  Ed Lewis is looking into the 
> > NeuStar server implementation.  I've sent a note to Ram Mohan of 
> > Afilias and I'm waiting for a response from him as well.
> > 
> > If there's anyone from either Key Systems or DotRegistrar 
> that's still 
> > reading this list, would you please get back to me?  Info from any 
> > other clients would also be useful, so please - if you're a 
> > client-side implementer, I could really use your help!
> 
> We could help with our client[1]

Thanks, Fred!  It largely boils down to one question: does your client
verify the identity presented in the certificate it receives from the
server as part of the TLS negotiation?  The specific checks are
described in 4934bis.
(Continue reading)

Permalink | Reply |

Gmane