Re: [regext] Comments to the feedback about epp-over-http

Mario Loffredo <mario.loffredo@iit.cnr.it> Thu, 31 March 2022 17:46 UTC

Return-Path: <mario.loffredo@iit.cnr.it>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 59E3F3A157D for <regext@ietfa.amsl.com>; Thu, 31 Mar 2022 10:46:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SjBGFsGQX6a0 for <regext@ietfa.amsl.com>; Thu, 31 Mar 2022 10:46:04 -0700 (PDT)
Received: from smtp.iit.cnr.it (mx4.iit.cnr.it [146.48.58.11]) by ietfa.amsl.com (Postfix) with ESMTP id 2BA3B3A1550 for <regext@ietf.org>; Thu, 31 Mar 2022 10:46:03 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by smtp.iit.cnr.it (Postfix) with ESMTP id 9ECEEB808EE; Thu, 31 Mar 2022 19:46:01 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at mx4.iit.cnr.it
Received: from smtp.iit.cnr.it ([127.0.0.1]) by localhost (mx4.iit.cnr.it [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yFP4kBKhkiFG; Thu, 31 Mar 2022 19:45:58 +0200 (CEST)
Received: from [192.12.193.108] (pc-loffredo.staff.nic.it [192.12.193.108]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by smtp.iit.cnr.it (Postfix) with ESMTPSA id C99AEB80AFD; Thu, 31 Mar 2022 19:45:58 +0200 (CEST)
Message-ID: <d12460f0-1057-4bcd-c76f-183ff18510b6@iit.cnr.it>
Date: Thu, 31 Mar 2022 19:44:02 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.7.0
To: "Thomas Corte (TANGO support)" <Thomas.Corte@knipp.de>, regext@ietf.org
References: <0843A6FD-79B8-45B9-BE58-0BCED21C19B0@verisign.com> <1b87995b-700b-0d16-1241-c69cf142c3f7@iit.cnr.it> <8346151e-acc1-8e9a-f8ce-ac4d2f6a8dac@knipp.de> <759658bd-4781-a9cb-b7dd-88ba596fe2b0@iit.cnr.it> <460e37b5-3d0c-7139-8c5f-1f87c36c3177@knipp.de>
From: Mario Loffredo <mario.loffredo@iit.cnr.it>
In-Reply-To: <460e37b5-3d0c-7139-8c5f-1f87c36c3177@knipp.de>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/v96Z1k_2tvRTsEih4bOhoevE5mY>
Subject: Re: [regext] Comments to the feedback about epp-over-http
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Mar 2022 17:46:09 -0000

Hi Thomas,

Il 31/03/2022 19:17, Thomas Corte (TANGO support) ha scritto:
> Hello Mario,
>
> On 3/31/22 17:36, Mario Loffredo wrote:
>
>> Starting an HTTP session when receiving an EPP command other than the 
>> Login command is in .it experience (but I can speak on behalf of .pl 
>> too) very inefficient because you can't immediately lock the HTTP 
>> session to the Registrar.
>
> Ok, but plain TCP implementations have the same problem. Unless the 
> registry requires that no two registrars have the same IP address 
> whitelisted, the server always has to wait for the <login> until it 
> knows which registrar has connected. That is, unless client 
> certificates are also in play, as suggested by Patrick, but that's not 
> a requirement in EPP, even if many registries are now requiring them.
>
>> In addition, while TCP client needs to establish a connection before 
>> sending the EPP Login command since the transport protocol is 
>> connection-oriented, an HTTP client doesn't need to do because the 
>> protocol is not connection-oriented (even if it uses connections). So 
>> why should an HTTP client be required to send a useless HTTP request? 
>> Just to operate in the same way of EPP over TCP? It's a nonsense.
>>
>> With regard to the compliance with RFC5730, the only difference with 
>> the proposed approach is that a client MAY send an Hello via POST 
>> before sending a Login. Anyway, the EPP session starts after a 
>> successful Login as defined in RFC5730 itself.
>
> Obtaining the <greeting> (which, in case of connection-less operation, 
> is actually supposed to be triggered by the client's <hello>) before 
> <login> isn't useless – the greeting contains information like 
> object/extension URIs that can be used by the client to select a 
> proper supported object/extension implementation before sending the 
> <login> (in which that support is declared). So, for HTTP, it makes 
> sense to require the client's <hello> so that the server's <greeting> 
> can be sent as the response to a proper initial request (rather than, 
> say, an awkward empty POST, or a GET request).

The point is that sending an hello before a Login is optional. If you 
are already perfectly aware of the services provided by the server, why 
should you submit an Hello to discover them?

>
> In fact, it memory serves, ITNIC's *current* EPP-over-HTTP 
> implementation *requires* a <hello> as the start of any EPP session.

Not at all.

For sure, .it implementation have never required to send an Hello before 
a Login. EPP sessions have always been started after a Login.

Trust me ;-)


Mario


> Best regards,
>
> Thomas
>
-- 
Dr. Mario Loffredo
Technological Unit “Digital Innovation”
Institute of Informatics and Telematics (IIT)
National Research Council (CNR)
via G. Moruzzi 1, I-56124 PISA, Italy
Phone: +39.0503153497
Web: http://www.iit.cnr.it/mario.loffredo