Re: [regext] Comments to the feedback about epp-over-http

Mario Loffredo <mario.loffredo@iit.cnr.it> Tue, 29 March 2022 15:09 UTC

Return-Path: <mario.loffredo@iit.cnr.it>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 40E503A120F for <regext@ietfa.amsl.com>; Tue, 29 Mar 2022 08:09:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.91
X-Spam-Level:
X-Spam-Status: No, score=-6.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oNd6ULjwpw6e for <regext@ietfa.amsl.com>; Tue, 29 Mar 2022 08:09:41 -0700 (PDT)
Received: from smtp.iit.cnr.it (mx4.iit.cnr.it [146.48.58.11]) by ietfa.amsl.com (Postfix) with ESMTP id 863103A1A12 for <regext@ietf.org>; Tue, 29 Mar 2022 08:09:37 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by smtp.iit.cnr.it (Postfix) with ESMTP id D8620B805A8; Tue, 29 Mar 2022 17:09:34 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at mx4.iit.cnr.it
Received: from smtp.iit.cnr.it ([127.0.0.1]) by localhost (mx4.iit.cnr.it [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yGXjdTDPd1j6; Tue, 29 Mar 2022 17:09:32 +0200 (CEST)
Received: from [192.12.193.108] (pc-loffredo.staff.nic.it [192.12.193.108]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by smtp.iit.cnr.it (Postfix) with ESMTPSA id 2E6BFB80260; Tue, 29 Mar 2022 17:09:32 +0200 (CEST)
Message-ID: <b190109a-931c-be4c-61cf-e81dfa39a374@iit.cnr.it>
Date: Tue, 29 Mar 2022 17:07:37 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.7.0
To: "Thomas Corte (TANGO support)" <Thomas.Corte@knipp.de>, regext@ietf.org
Cc: support@tango-rs.com
References: <6ae5ea77-10a5-8eeb-cbbc-f08dc8831140@iit.cnr.it> <06e5bacb-897a-735b-7d32-4b812e8b37c3@knipp.de>
From: Mario Loffredo <mario.loffredo@iit.cnr.it>
In-Reply-To: <06e5bacb-897a-735b-7d32-4b812e8b37c3@knipp.de>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/oAZpuN1oqXwhcY4rpJLCtjV6GO0>
Subject: Re: [regext] Comments to the feedback about epp-over-http
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Mar 2022 15:09:46 -0000

Hi Thomas,

Il 29/03/2022 14:05, Thomas Corte (TANGO support) ha scritto:
> Hello,
>
> On 3/25/22 15:58, Mario Loffredo wrote:
>
>> Hi folks,
>>
>> here are in the following some comments grouped by subject to last 
>> meeting's feedback about EPP-over-HTTP:
>> ...
>> *2)  Cookies*
>>
>> Jim (Reed) asked why cookies should be used in this case.
>> ...
>> Which method other than session cookie shoud be used instead ?
>
> In terms of EPP-over-HTTP implementations in the wild, RED.ES's 
> abysmal implementation for .es comes to mind, which uses a proprietary 
> EPP extension for the submission of the EPP client's credentials along 
> with each and every command. But such a move away from a stateful EPP 
> session is surely not desirable, leaving cookies (or some other way to 
> maintain state over multiple HTTP requests) as the only sensible choice.

That's exactly my main concern about such an idea that was the same 
supporting last proposal about EPP-over-HTTP submitted to this WG.

Making EPP completely stateful appeared,and still apeears, to me 
inefficient and in contrast with the trend in the design of REST services.


Best,

Mario


>
> Best regards,
>
> Thomas Corte
>
-- 
Dr. Mario Loffredo
Technological Unit “Digital Innovation”
Institute of Informatics and Telematics (IIT)
National Research Council (CNR)
via G. Moruzzi 1, I-56124 PISA, Italy
Phone: +39.0503153497
Web: http://www.iit.cnr.it/mario.loffredo