Re: [ietf-provreg] EPP Server Implementer Help Needed

[Frederico A C Neves <fneves@registro.br>]

Scott,

On Tue, Aug 18, 2009 at 07:16:48AM -0400, Hollenbeck, Scott wrote:
> I still need info from one server implementer that is willing to be
> included in an implementation report and confirm that they have
> implemented the TLS client identification features described in section
> 9 of 4934bis.  Specifically:
> 
> 1. TLS implementations are REQUIRED to support the mandatory cipher
> suite specified in the implemented version:
> 
> 2. Mutual client and server authentication using the TLS Handshake
> Protocol is REQUIRED.
> 
> 3. Signatures on the complete certification path for both client machine
> and server machine MUST be validated as part of the TLS handshake.
> 
> 4. Information included in the client and server certificates, such as
> validity periods and machine names, MUST also be validated.
> 
> 5. EPP service MUST NOT be granted until successful completion of a TLS
> handshake and certificate validation
> 
> Most of these come for free with a good TLS toolkit.  Are there any
> server implementers willing to confirm that they've implemented these
> features?  I've already confirmed that VeriSign has implemented these
> features.

I could confirm that our server does implement all these features.

On the client side I could confirm several production clients. Some
using our own client, private implementations and at least two client
using Verising NameStore and Key-Systems.

Our own client software does almost all checks except the validation
of the server name and the CN on the server certificate. Next release
will include this small patch.

> -Scott-

Fred
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
List run by majordomo software.  For (Un-)subscription and similar details
send "help" to ietf-provreg-request@cafax.se