IETF Logo Mail Archive

Re: [regext] Comments to the feedback about epp-over-http

"Thomas Corte (TANGO support)" <Thomas.Corte@knipp.de> Tue, 29 March 2022 15:29 UTC

Return-Path: <Thomas.Corte@knipp.de>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 48C923A1A7B for <regext@ietfa.amsl.com>; Tue, 29 Mar 2022 08:29:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.91
X-Spam-Level:
X-Spam-Status: No, score=-6.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GyWQWOcJYWOi for <regext@ietfa.amsl.com>; Tue, 29 Mar 2022 08:29:42 -0700 (PDT)
Received: from kmx5a.knipp.de (kmx5a.knipp.de [195.253.6.99]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 533BE3A1A89 for <regext@ietf.org>; Tue, 29 Mar 2022 08:29:40 -0700 (PDT)
Received: from hp9000.do.knipp.de (hp9000.do.knipp.de [195.253.2.54]) by kmx5a.knipp.de (Postfix) with ESMTP id 4KSYQV32XYz4v6Z; Tue, 29 Mar 2022 17:29:38 +0200 (CEST)
Received: from [195.253.2.191] (dhcp191.intra.dtm.knipp.de [195.253.2.191]) by hp9000.do.knipp.de (Postfix) with ESMTP id 45CC5725C1; Tue, 29 Mar 2022 17:29:38 +0200 (MESZ)
Message-ID: <8e77efa3-1b8d-2f8f-2489-e9cbede044c1@knipp.de>
Date: Tue, 29 Mar 2022 17:29:42 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0) Gecko/20100101 Thunderbird/91.7.0
Content-Language: en-US
To: regext@ietf.org
References: <6ae5ea77-10a5-8eeb-cbbc-f08dc8831140@iit.cnr.it> <06e5bacb-897a-735b-7d32-4b812e8b37c3@knipp.de> <b190109a-931c-be4c-61cf-e81dfa39a374@iit.cnr.it>
Cc: support@tango-rs.com
From: "Thomas Corte (TANGO support)" <Thomas.Corte@knipp.de>
In-Reply-To: <b190109a-931c-be4c-61cf-e81dfa39a374@iit.cnr.it>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Rspamd-Queue-Id: 4KSYQV32XYz4v6Z
X-Spamd-Result: default: False [0.00 / 15.00]; ASN(0.00)[asn:8391, ipnet:195.253.0.0/16, country:DE]; LOCAL_WL_IP(0.00)[195.253.2.54]
Authentication-Results: kmx5a.knipp.de; none
X-Rspamd-Pre-Result: action=no action; module=multimap; Matched map: LOCAL_WL_IP
X-Rspamd-Server: v1117
X-Spamd-Bar: /
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/SccQFJspx9TUh9SR6TMSiITFO2I>
Subject: Re: [regext] Comments to the feedback about epp-over-http
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Mar 2022 15:29:56 -0000

Hello Mario,

On 3/29/22 17:07, Mario Loffredo wrote:

> That's exactly my main concern about such an idea that was the same 
> supporting last proposal about EPP-over-HTTP submitted to this WG.
> 
> Making EPP completely stateful appeared,and still apeears, to me 
> inefficient and in contrast with the trend in the design of REST services.

EPP *is* stateful by definition (see "Protocol Description" in RFC 5730), 
and that has implications beyond the fact that credentials are only 
presented to the server in the <login>. The <login> also contains 
"handshake" information that tells the server which object and extension 
URIs the client understands, and that information governs the content of 
server responses during the session (e.g., which version of fee extension 
data is returned in the response to a billable operation).

Consequently, EPP would need to be completely revamped in order to 
facilitate stateless operation. All extensions relying on the <login> 
handshake would need to be rewritten. The use of cookies (a 
well-established method to maintain server state over HTTP) seems like 
the lesser evil here.

Best regards,

Thomas

-- 
TANGO REGISTRY SERVICES® is a product of:
Knipp Medien und Kommunikation GmbH
Technologiepark                             Phone: +49 231 9703-222
Martin-Schmeisser-Weg 9                       Fax: +49 231 9703-200
D-44227 Dortmund                       E-Mail: support@tango-rs.com
Germany

v2.8.7 | Report a Bug | By Email