Re: [regext] EPP and rate-limiting
"Francisco Obispo" <fobispo@uniregistry.com> Fri, 17 January 2020 20:06 UTC
Return-Path: <fobispo@uniregistry.com>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 40B5A1200A4 for <regext@ietfa.amsl.com>; Fri, 17 Jan 2020 12:06:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.988
X-Spam-Level:
X-Spam-Status: No, score=-1.988 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_REMOTE_IMAGE=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=uniregistry.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oxYG0h-Scdkf for <regext@ietfa.amsl.com>; Fri, 17 Jan 2020 12:06:41 -0800 (PST)
Received: from a-mx.uniregistry.com (a-mx.uniregistry.com [64.96.177.8]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4056B1200E6 for <regext@ietf.org>; Fri, 17 Jan 2020 12:06:41 -0800 (PST)
Abuse: Forward to abuse@uniregistry.com with full headers
X-Virus-Scanned: Content filter at a-mx.uniregistry.com
Powered-By: https://www.uniregistry.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=uniregistry.com; s=bravo; t=1579291597; bh=iVXESQwWlbPPbrDKbVSmqL/cl4gPz0emuggZgaF7bMI=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=Y27BLHzm1aceRLRe4K+pJEzVlqnvzyMKIEXfZ20x+VGaG1T+71uEzIomxP15E1TPr PnHyeNkoeyOFOGb7rBnjE53lxYuRdt+4KArhcbXM8jgWakFIq5erDMprn/qVrGff1L zCWz4CdYk6EMc8eKoS0pvLhJ8k2MKUQ5M7VP5b8ofTi17lZAj71kR9fVCu3F0+5YGD MI8zk60jE8YWqWtvzsHXVfgraqV3MHrdRuISwPzN69W11xeQaf5CexaqXKKVGRhuvb qE8hH+hFYzacJxTvzd8nD35M0Pfg68awejUtrAH6PZ6Ws4qBiwIoovTnDhlZeaAu5R 0y/I2gW1C2oPQ==
Received: from [64.96.148.107] (v148-107.dyn.sna3.uniregistry.net [64.96.148.107] (may be forged)) (authenticated bits=0) by a-mx.uniregistry.com (8.15.2/8.15.2/Debian-8) with ESMTPSA id 00HK6bg7000476 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 17 Jan 2020 20:06:37 GMT
From: Francisco Obispo <fobispo@uniregistry.com>
To: Patrick Mevzek <pm@dotandco.com>
Cc: regext@ietf.org
Date: Fri, 17 Jan 2020 12:06:36 -0800
X-Mailer: MailMate (1.13.1r5671)
Message-ID: <13809D25-20D1-4B20-A956-B4D2E40DFDF5@uniregistry.com>
In-Reply-To: <d00eb742-be4f-4237-8304-a80fbea0dac6@www.fastmail.com>
References: <20200117143018.GA20025@nic.fr> <d00eb742-be4f-4237-8304-a80fbea0dac6@www.fastmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=_MailMate_0E9CD07A-CE54-407C-A455-61E4232DB755_="; micalg="pgp-sha1"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/vjxXk-L8LG8MC_s9SiFKIyQGBcg>
Subject: Re: [regext] EPP and rate-limiting
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Jan 2020 20:06:46 -0000
On 17 Jan 2020, at 7:21, Patrick Mevzek wrote: > If you look at what happens in the wild, you can come to the conclusion that there is probably no proper way to handle it in EPP... as many registries with this need do things in very different ways: Hi *, I agree with Patrick here, there are other tools the RY can use to handle situations like this. In our EPP implementation we have some *reasonable limits* configured to deal with this type of situation, if the client is triggering a >=2000 error code and will continue to send the command, we basically delay the response as Patrick mentioned. We’ve had a few interesting situations that we’ve observed. We had a registrar that was sending thousands of (epp `<hello />`) commands per second, this wasn’t affecting us as the `<hello>` processing doesn’t require a lot of work, but once we detected it, a simple conversation with them was able to detect and fix a problem with their client implementation. We have another situation where the client is sending a broken EPP `hello` command, triggering a syntax error, but that itself resets the timeout ticker, so they never notice it. We’ve contacted them about it and hopefully they’ll fix it. Sending an *error* code requires the client to implement some sort of rate-limiting awareness making it non-trivial, whereas a delayed server response is handled automatically in most cases. Best, Francisco Obispo VP - Technology -------------------- Uniregistry 400 Spectrum Center Dr. Office 1660 Irvine, CA 92618 Office: +1 949 706 2300 x4202 fobispo@uniregistry.link
- [regext] EPP and rate-limiting Stephane Bortzmeyer
- Re: [regext] EPP and rate-limiting Thomas Corte (TANGO support)
- Re: [regext] EPP and rate-limiting Hollenbeck, Scott
- Re: [regext] EPP and rate-limiting bortzmeyer@nic.fr
- Re: [regext] EPP and rate-limiting Thomas Corte (TANGO support)
- Re: [regext] EPP and rate-limiting Gould, James
- Re: [regext] EPP and rate-limiting Patrick Mevzek
- Re: [regext] EPP and rate-limiting Francisco Obispo
- Re: [regext] EPP and rate-limiting InterNetX - Marco Schrieck