Re: [regext] EPP and rate-limiting
"Patrick Mevzek" <pm@dotandco.com> Fri, 17 January 2020 15:22 UTC
Return-Path: <pm@dotandco.com>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C934912002F for <regext@ietfa.amsl.com>; Fri, 17 Jan 2020 07:22:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.698
X-Spam-Level:
X-Spam-Status: No, score=-2.698 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=dotandco.com header.b=chZ/NEUM; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=N47IEAZP
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nZTdnEyCrG1H for <regext@ietfa.amsl.com>; Fri, 17 Jan 2020 07:22:02 -0800 (PST)
Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com [66.111.4.26]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E9A36120018 for <regext@ietf.org>; Fri, 17 Jan 2020 07:22:01 -0800 (PST)
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.nyi.internal (Postfix) with ESMTP id 100F922036 for <regext@ietf.org>; Fri, 17 Jan 2020 10:22:01 -0500 (EST)
Received: from imap1 ([10.202.2.51]) by compute3.internal (MEProxy); Fri, 17 Jan 2020 10:22:01 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dotandco.com; h= mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type; s=fm2; bh=PE6iCOcg/9o3+egJTMPFTh5bFDVW5IR tKOLyllY34jg=; b=chZ/NEUMU+WhksrnxCpXis7wkaMyU3I8YD5xItN4bB2fVcy oY/vMPVL81IQf6CqS6VP16jfuwRo/aThIy4mZvi2w6ByJoufPT/UaziHc7eIOYMv 7avGqaa8yl9HFfdyOzYuJFWJF9qoly+GHYUSeWFIYpxQdrkGFRbivKZluoVOKNAQ Lnt+3lMNvsJEXSpsO4AKp2UUcSPt6yKqH6Mn4z4zWS6j82gsj02k87saNN6NMCiL Wr5NO2f6hEkgVTO5kq6YSd0lnRfvP6rUp68uOn+D2OaSSExYxvW6jAw9VedtsqJi ErP3YTwM8a0vtEdQR3IsHei72bPqeAXC95uY0Kg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=PE6iCO cg/9o3+egJTMPFTh5bFDVW5IRtKOLyllY34jg=; b=N47IEAZPerZuj/G86eJ+/f wfwoBb+LdPEVfMd4WpeUg76YmXHXvyLcqb1MZ0BLW8CYhe5TXTsi8qgltbSLvHaS 3qegkgKztHOcYEGTCAIHkpXJeANQDHPaT0mskzrVxXTxA8C6mxnjK4XyMB8cJl6l 2nghCZkl0DVwOUwJ9QPrihCwXE/z0FtVPRzrZ9GHzj+xncAzCw0piNMEQR6nqznj 9NDXaJSWOwHYnwd+hjWghAtWNxvt7meJRQHk3GZmaberbMIeOUss6mrzuPAbN3ee pQCvnSs3WD4Wj041unUDW7QlNRvxWWs8sJf9/t1MSPFxWufwhv5lp9hfjJYFWnpw ==
X-ME-Sender: <xms:GNEhXmxY7StGvlVNbHG95uoYRs1INirufbq8B-J9FXJ0IdbzHBOKLy6YwH4>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedugedrtdejgdejgecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkjghffffhvffutgesthdtre dtreertdenucfhrhhomhepfdfrrghtrhhitghkucfovghviigvkhdfuceophhmseguohht rghnuggtohdrtghomheqnecurfgrrhgrmhepmhgrihhlfhhrohhmpehpmhesughothgrnh gutghordgtohhmnecuvehluhhsthgvrhfuihiivgeptd
X-ME-Proxy: <xmx:GNEhXnoLIrhUETwRVH7h1fBko0qC-Ee3keSHy7ESjOy4KGs8eyQyRQ> <xmx:GNEhXkyBajBTsUE9zl8CL4OPf495e4AthYmUBIH835lgOG05zzG-fg> <xmx:GNEhXhrn04uOPeGWw1R40mwpRn_vBB8bHGyXTkgS7OBTHa0d8fu52Q> <xmx:GdEhXrlMKpBor4cbmmuCqSdoneko_t5wm0ZwCmDK83DP2xjDPu0WQA>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id AFEABC200A5; Fri, 17 Jan 2020 10:22:00 -0500 (EST)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.1.7-754-g09d1619-fmstable-20200113v1
Mime-Version: 1.0
Message-Id: <d00eb742-be4f-4237-8304-a80fbea0dac6@www.fastmail.com>
In-Reply-To: <20200117143018.GA20025@nic.fr>
References: <20200117143018.GA20025@nic.fr>
Date: Fri, 17 Jan 2020 10:21:38 -0500
From: Patrick Mevzek <pm@dotandco.com>
To: regext@ietf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/fb__nU1G3ZTXA2ZSKZNQO72V7ms>
Subject: Re: [regext] EPP and rate-limiting
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Jan 2020 15:22:08 -0000
On Fri, Jan 17, 2020, at 09:30, Stephane Bortzmeyer wrote: > Sometimes, some clients are too talkative and, for instance, try > <create> too often to grab a domain. I'm not sure of the best error > code to return when such behaviour is detected. HTTP has 429 "Too Many > Requests" (RFC 6585) but I don't find a proper code in EPP. Any idea? If you look at what happens in the wild, you can come to the conclusion that there is probably no proper way to handle it in EPP... as many registries with this need do things in very different ways: - closing the connection (2502) may be a tad too harsh - some registries are using 2201 (Authorization error) - some registries just delay the reply for some given amount of time, like if you are allowed one operation per second, you do one, if you do the other in 0.5s after the first one, then its reply will get delayed by 0.5s so that you are back to "1 per second"; for example one registry will force a 2s delay on any domain:info reply on any domain the registrar does not own - most often this is often policy, and not always very clearly documented by registries; there is also no real way for registrars to discover those things automatically (rate limiting can be per command or even per object, or depend on time of day, like create will be most severily rate limited in the time of day the registry does its deletion process). - rules can also be very complicated, like for example one registry has this one: "Limit:180 per 60 seconds per registrar" and "Limit:60,000 per day per registrar" - some registries have "hitpoints" instead of rate-limiting: for any kind of EPP errors (which would cover your case of "registrar is trying to create a domain that already exists), you get one point, and after a given amount of points in a given amount of timeframe you get shutdown completely for some given amount of time; there is again nothing standard here, some registries doing that have their own EPP extension for the registrar to know how many hitpoints it has. And the above list is far from being exhaustive... -- Patrick Mevzek pm@dotandco.com
- [regext] EPP and rate-limiting Stephane Bortzmeyer
- Re: [regext] EPP and rate-limiting Thomas Corte (TANGO support)
- Re: [regext] EPP and rate-limiting Hollenbeck, Scott
- Re: [regext] EPP and rate-limiting bortzmeyer@nic.fr
- Re: [regext] EPP and rate-limiting Thomas Corte (TANGO support)
- Re: [regext] EPP and rate-limiting Gould, James
- Re: [regext] EPP and rate-limiting Patrick Mevzek
- Re: [regext] EPP and rate-limiting Francisco Obispo
- Re: [regext] EPP and rate-limiting InterNetX - Marco Schrieck