--- 1/draft-ietf-regext-secure-authinfo-transfer-02.txt	2020-07-31 09:13:14.117120256 -0700
+++ 2/draft-ietf-regext-secure-authinfo-transfer-03.txt	2020-07-31 09:13:14.173121676 -0700
@@ -1,19 +1,19 @@
 
 Network Working Group                                           J. Gould
 Internet-Draft                                                R. Wilhelm
 Intended status: Best Current Practice                    VeriSign, Inc.
-Expires: December 14, 2020                                 June 12, 2020
+Expires: February 1, 2021                                  July 31, 2020
 
 Extensible Provisioning Protocol (EPP) Secure Authorization Information
                               for Transfer
-             draft-ietf-regext-secure-authinfo-transfer-02
+             draft-ietf-regext-secure-authinfo-transfer-03
 
 Abstract
 
    The Extensible Provisioning Protocol (EPP), in RFC 5730, defines the
    use of authorization information to authorize a transfer.  The
    authorization information is object-specific and has been defined in
    the EPP Domain Name Mapping, in RFC 5731, and the EPP Contact
    Mapping, in RFC 5733, as password-based authorization information.
    Other authorization mechanisms can be used, but in practice the
    password-based authorization information has been used at the time of
@@ -37,21 +37,21 @@
    Internet-Drafts are working documents of the Internet Engineering
    Task Force (IETF).  Note that other groups may also distribute
    working documents as Internet-Drafts.  The list of current Internet-
    Drafts is at https://datatracker.ietf.org/drafts/current/.
 
    Internet-Drafts are draft documents valid for a maximum of six months
    and may be updated, replaced, or obsoleted by other documents at any
    time.  It is inappropriate to use Internet-Drafts as reference
    material or to cite them other than as "work in progress."
 
-   This Internet-Draft will expire on December 14, 2020.
+   This Internet-Draft will expire on February 1, 2021.
 
 Copyright Notice
 
    Copyright (c) 2020 IETF Trust and the persons identified as the
    document authors.  All rights reserved.
 
    This document is subject to BCP 78 and the IETF Trust's Legal
    Provisions Relating to IETF Documents
    (https://trustee.ietf.org/license-info) in effect on the date of
    publication of this document.  Please review these documents
@@ -92,20 +92,21 @@
    11. References  . . . . . . . . . . . . . . . . . . . . . . . . .  24
      11.1.  Normative References . . . . . . . . . . . . . . . . . .  24
      11.2.  URIs . . . . . . . . . . . . . . . . . . . . . . . . . .  25
    Appendix A.  Change History . . . . . . . . . . . . . . . . . . .  25
      A.1.  Change from 00 to 01  . . . . . . . . . . . . . . . . . .  25
      A.2.  Change from 01 to 02  . . . . . . . . . . . . . . . . . .  25
      A.3.  Change from 02 to 03  . . . . . . . . . . . . . . . . . .  25
      A.4.  Change from 03 to REGEXT 00 . . . . . . . . . . . . . . .  27
      A.5.  Change from REGEXT 00 to REGEXT 01  . . . . . . . . . . .  27
      A.6.  Change from REGEXT 01 to REGEXT 02  . . . . . . . . . . .  27
+     A.7.  Change from REGEXT 02 to REGEXT 03  . . . . . . . . . . .  27
    Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  27
 
 1.  Introduction
 
    The Extensible Provisioning Protocol (EPP), in [RFC5730], defines the
    use of authorization information to authorize a transfer.  The
    authorization information is object-specific and has been defined in
    the EPP Domain Name Mapping, in [RFC5731], and the EPP Contact
    Mapping, in [RFC5733], as password-based authorization information.
    Other authorization mechanisms can be used, but in practice the
@@ -246,25 +249,25 @@
        registrar for each object and provides the mechanism (over EPP)
        to coordinate a transfer of an object's sponsorship between
        registrars.
 
 3.  Signaling Client and Server Support
 
    This document does not define new protocol but a Best Current
    Practice (BCP) using the existing EPP protocol, where the client and
    the server can signal support for the BCP using a namespace URI in
    the login and greeting extension services.  The namespace URI
-   "urn:ietf:params:xml:ns:epp:bcp:secure-authinfo-transfer-0.1" is used
-   to signal support for the BCP.  The client includes the namespace URI
-   in an <svcExtension> <extURI> element of the [RFC5730] <login>
-   Command.  The server includes the namespace URI in an <svcExtension>
-   <extURI> element of the [RFC5730] Greeting.
+   "urn:ietf:params:xml:ns:epp:secure-authinfo-transfer-1.0" is used to
+   signal support for the BCP.  The client includes the namespace URI in
+   an <svcExtension> <extURI> element of the [RFC5730] <login> Command.
+   The server includes the namespace URI in an <svcExtension> <extURI>
+   element of the [RFC5730] Greeting.
 
    A client that receives the namespace URI in the server's Greeting
    extension services, can expect the following supported behavior by
    the server:
 
    1.  Support empty authorization information with a create command.
    2.  Support unsetting authorization information with an update
        command.
    3.  Support validating authorization information with an info
        command.
@@ -916,21 +920,21 @@
 
 7.1.  XML Namespace
 
    This document uses URNs to describe XML namespaces conforming to a
    registry mechanism described in [RFC3688].  The following URI
    assignment is requested of IANA:
 
    Registration request for the secure authorization information for
    transfer namespace:
 
-      URI: urn:ietf:params:xml:ns:epp:bcp:secure-authinfo-transfer-0.1
+      URI: urn:ietf:params:xml:ns:epp:secure-authinfo-transfer-1.0
       Registrant Contact: IESG
       XML: None.  Namespace URIs do not represent an XML specification.
 
 7.2.  EPP Extension Registry
 
    The EPP Best Current Practice (BCP) described in this document should
    be registered by the IANA in the EPP Extension Registry described in
    [RFC7451].  The details of the registration are as follows:
 
    Name of Extension: "Extensible Provisioning Protocol (EPP) Secure
@@ -1002,23 +1006,23 @@
 
    Name: RegistryEngine EPP Service
 
    Description: Generic high-volume EPP service for gTLDs, ccTLDs and
    SLDs
 
    Level of maturity: Deployed in CentralNic's production environment as
    well as two other gTLD registry systems, and two ccTLD registry
    systems.
 
-   Coverage: Auhtorization Information is "write only" in that the
-   registrars can set the Auhtorization Information, but not get the
-   Auhtorization Information in the Info Response.
+   Coverage: Authorization Information is "write only" in that the
+   registrars can set the Authorization Information, but not get the
+   Authorization Information in the Info Response.
 
    Licensing: Proprietary In-House software
 
    Contact: epp@centralnic.com
 
    URL: https://www.centralnic.com
 
 9.  Security Considerations
 
    Section 4.1 defines the use a secure random value for the generation
@@ -1226,20 +1230,29 @@
 
 A.6.  Change from REGEXT 01 to REGEXT 02
 
    1.  Added inclusion of random salt for the hashed authorization
        information, based on feedback from Ulrich Wisser.
    2.  Added clarification that the representation of a NULL (undefined)
        value is dependent on the type of database, based on feedback
        from Patrick Mevzek.
    3.  Filled in the Security Considerations section.
 
+A.7.  Change from REGEXT 02 to REGEXT 03
+
+   1.  Updated the XML namespace to urn:ietf:params:xml:ns:epp:secure-
+       authinfo-transfer-1.0, which removed bcp from the namespace and
+       bumped the version from 0.1 and 1.0.  Inclusion of bcp in the XML
+       namespace was discussed at the REGEXT interim meeting.
+   2.  Replaced Auhtorization with Authorization based on a review by
+       Jody Kolker.
+
 Authors' Addresses
 
    James Gould
    VeriSign, Inc.
    12061 Bluemont Way
    Reston, VA  20190
    US
 
    Email: jgould@verisign.com
    URI:   http://www.verisign.com