Re: [regext] Comments to the feedback about epp-over-http

Mario Loffredo <mario.loffredo@iit.cnr.it> Thu, 31 March 2022 16:59 UTC

Message-ID: <de81a129-68a4-8759-ee00-09ef2091ec22@iit.cnr.it>
Date: Thu, 31 Mar 2022 18:56:02 +0200
To: Patrick Mevzek <pm@dotandco.com>, regext@ietf.org
References: <0843A6FD-79B8-45B9-BE58-0BCED21C19B0@verisign.com> <1b87995b-700b-0d16-1241-c69cf142c3f7@iit.cnr.it> <8346151e-acc1-8e9a-f8ce-ac4d2f6a8dac@knipp.de> <759658bd-4781-a9cb-b7dd-88ba596fe2b0@iit.cnr.it> <58f622e5-1548-4894-a14c-c21125972a74@www.fastmail.com>
From: Mario Loffredo <mario.loffredo@iit.cnr.it>
In-Reply-To: <58f622e5-1548-4894-a14c-c21125972a74@www.fastmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/Le6-qDcq_HwVWXay9Dnif0Mw3CY>

Hi Patrick,

thanks for your interest.

On 31/03/2022 17:54, Patrick Mevzek wrote:
> On Thu, Mar 31, 2022, at 10:36, Mario Loffredo wrote:
>> Starting an HTTP session when receiving an EPP command other than the
>> Login command is in .it experience (but I can speak on behalf of .pl
>> too) very inefficient because you can't immediately lock the HTTP
>> session to the Registrar.
> I disagree.
>
> If the transport is HTTPS (and not just HTTP), the server can request
> the client to send a certificate, exactly as for EPP over TLS.
>
> In such case, for *any* HTTP request coming to the server, the server
> theoretically already knows to which client this pertains as it can
> consult the certificate given.
>
> It can be considered a weak or partial authentication, until the EPP login
> is successfully executed.

Are you talking about a single server or a load balancing architecture 
where a proxy routes the requests to a pool of backend servers?

In addition, it is quite simple to do at socket level. It seems to me 
much more complicated at the servlet level.


Mario

-- 
Dr. Mario Loffredo
Technological Unit “Digital Innovation”
Institute of Informatics and Telematics (IIT)
National Research Council (CNR)
via G. Moruzzi 1, I-56124 PISA, Italy
Phone: +39.0503153497
Web: http://www.iit.cnr.it/mario.loffredo
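The two positions in this exchange (bind the HTTP session to the registrar from the TLS client certificate before the EPP login, versus the difficulty of doing so when a proxy in front of the servlet terminates TLS) can be sketched as one session-handling routine. This is an added example, not code from the thread or from any registry; the header name, the proxy address, the fingerprint-to-registrar table and the function names are all assumptions.

```python
"""Bind an EPP-over-HTTPS session to a registrar identified by its TLS client
certificate, both when the EPP server terminates TLS itself and when a reverse
proxy terminates TLS and forwards the certificate fingerprint in a header.
All names and values below are constructed for illustration."""
from dataclasses import dataclass
from typing import Dict, Optional

TRUSTED_PROXIES = {"10.0.0.5"}            # assumption: the load balancer's address
CERT_HEADER = "X-Client-Cert-Sha256"      # assumption: header set by that proxy
# Constructed registry: certificate fingerprint -> registrar client identifier.
REGISTRARS = {"ab12": "REG-IT-001", "cd34": "REG-PL-002"}


@dataclass
class Session:
    registrar: str                 # identity inferred from the certificate
    authenticated: bool = False    # True only after a successful EPP login


def identify_registrar(peer_addr: str, peer_cert_fp: Optional[str],
                       headers: Dict[str, str]) -> Optional[str]:
    """Return the registrar bound to this HTTP request, or None.
    Direct TLS: use the peer certificate fingerprint. Behind a proxy: accept
    the forwarded fingerprint only when the TCP peer is a trusted proxy, so a
    client talking to the backend directly cannot assert someone else's cert."""
    if peer_cert_fp is not None:
        fp = peer_cert_fp
    elif peer_addr in TRUSTED_PROXIES:
        fp = headers.get(CERT_HEADER)
    else:
        return None
    return REGISTRARS.get(fp)


def handle_command(sessions: Dict[str, Session], session_id: str, peer_addr: str,
                   peer_cert_fp: Optional[str], headers: Dict[str, str],
                   command: str, clid: Optional[str] = None) -> int:
    """Process one EPP command and return an EPP result code (RFC 5730)."""
    registrar = identify_registrar(peer_addr, peer_cert_fp, headers)
    if registrar is None:
        return 2200  # authentication error: no usable certificate identity
    session = sessions.setdefault(session_id, Session(registrar))
    if session.registrar != registrar:
        return 2200  # certificate no longer matches the session it was bound to
    if command == "login":
        if clid != registrar:
            return 2200  # login clID must match the certificate-bound registrar
        session.authenticated = True
        return 1000
    if command != "hello" and not session.authenticated:
        return 2002  # command use error: the cert binding is only partial auth
    return 1000
```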