IETF Logo Mail Archive

Re: [regext] Comments to the feedback about epp-over-http

"Thomas Corte (TANGO support)" <Thomas.Corte@knipp.de> Thu, 31 March 2022 17:18 UTC

Return-Path: <Thomas.Corte@knipp.de>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7A6F43A1822 for <regext@ietfa.amsl.com>; Thu, 31 Mar 2022 10:18:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yIiSC1OItZHM for <regext@ietfa.amsl.com>; Thu, 31 Mar 2022 10:17:59 -0700 (PDT)
Received: from kmx5a.knipp.de (kmx5a.knipp.de [195.253.6.99]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0097C3A126D for <regext@ietf.org>; Thu, 31 Mar 2022 10:17:29 -0700 (PDT)
Received: from hp9000.do.knipp.de (hp9000.do.knipp.de [IPv6:2a01:5b0:0:25::36]) by kmx5a.knipp.de (Postfix) with ESMTP id 4KTqjz2XzXz4vDB for <regext@ietf.org>; Thu, 31 Mar 2022 19:17:27 +0200 (CEST)
Received: from [195.253.2.191] (dhcp191.intra.dtm.knipp.de [195.253.2.191]) by hp9000.do.knipp.de (Postfix) with ESMTP id 0225C72648 for <regext@ietf.org>; Thu, 31 Mar 2022 19:17:26 +0200 (MESZ)
Message-ID: <460e37b5-3d0c-7139-8c5f-1f87c36c3177@knipp.de>
Date: Thu, 31 Mar 2022 19:17:26 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0) Gecko/20100101 Thunderbird/91.7.0
From: "Thomas Corte (TANGO support)" <Thomas.Corte@knipp.de>
To: regext@ietf.org
References: <0843A6FD-79B8-45B9-BE58-0BCED21C19B0@verisign.com> <1b87995b-700b-0d16-1241-c69cf142c3f7@iit.cnr.it> <8346151e-acc1-8e9a-f8ce-ac4d2f6a8dac@knipp.de> <759658bd-4781-a9cb-b7dd-88ba596fe2b0@iit.cnr.it>
Content-Language: en-US
Organization: Knipp Medien und Kommunikation GmbH
In-Reply-To: <759658bd-4781-a9cb-b7dd-88ba596fe2b0@iit.cnr.it>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Rspamd-Queue-Id: 4KTqjz2XzXz4vDB
X-Spamd-Result: default: False [0.00 / 15.00]; ASN(0.00)[asn:8391, ipnet:2a01:5b0::/32, country:DE]; LOCAL_WL_IP(0.00)[2a01:5b0:0:25::36]
Authentication-Results: kmx5a.knipp.de; none
X-Rspamd-Pre-Result: action=no action; module=multimap; Matched map: LOCAL_WL_IP
X-Rspamd-Server: v1117
X-Spamd-Bar: /
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/3uTxGlnhsdyHCIHxn0k6XDy8I6I>
Subject: Re: [regext] Comments to the feedback about epp-over-http
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Mar 2022 17:18:04 -0000

Hello Mario,

On 3/31/22 17:36, Mario Loffredo wrote:

> Starting an HTTP session when receiving an EPP command other than the 
> Login command is in .it experience (but I can speak on behalf of .pl too) 
> very inefficient because you can't immediately lock the HTTP session to 
> the Registrar.

Ok, but plain TCP implementations have the same problem. Unless the 
registry requires that no two registrars have the same IP address 
whitelisted, the server always has to wait for the <login> until it knows 
which registrar has connected. That is, unless client certificates are 
also in play, as suggested by Patrick, but that's not a requirement in 
EPP, even if many registries are now requiring them.

> In addition, while TCP client needs to establish a connection before 
> sending the EPP Login command since the transport protocol is 
> connection-oriented, an HTTP client doesn't need to do because the 
> protocol is not connection-oriented (even if it uses connections). So why 
> should an HTTP client be required to send a useless HTTP request? Just to 
> operate in the same way of EPP over TCP? It's a nonsense.
> 
> With regard to the compliance with RFC5730, the only difference with the 
> proposed approach is that a client MAY send an Hello via POST before 
> sending a Login. Anyway, the EPP session starts after a successful Login 
> as defined in RFC5730 itself.

Obtaining the <greeting> (which, in case of connection-less operation, is 
actually supposed to be triggered by the client's <hello>) before <login> 
isn't useless – the greeting contains information like object/extension 
URIs that can be used by the client to select a proper supported 
object/extension implementation before sending the <login> (in which that 
support is declared). So, for HTTP, it makes sense to require the 
client's <hello> so that the server's <greeting> can be sent as the 
response to a proper initial request (rather than, say, an awkward empty 
POST, or a GET request).

In fact, it memory serves, ITNIC's *current* EPP-over-HTTP implementation 
*requires* a <hello> as the start of any EPP session.

Best regards,

Thomas

-- 
TANGO REGISTRY SERVICES® is a product of:
Knipp Medien und Kommunikation GmbH
Technologiepark                             Phone: +49 231 9703-222
Martin-Schmeisser-Weg 9                       Fax: +49 231 9703-200
D-44227 Dortmund                       E-Mail: support@tango-rs.com
Germany

v2.8.7 | Report a Bug | By Email