Hi Thomas,

On 31/03/2022 19:17, Thomas Corte (TANGO support) wrote:
Hello Mario,

On 3/31/22 17:36, Mario Loffredo wrote:

Starting an HTTP session when receiving an EPP command other than the Login command is, in .it's experience (but I can speak on behalf of .pl too), very inefficient because you can't immediately lock the HTTP session to the Registrar.

Ok, but plain TCP implementations have the same problem. Unless the registry requires that no two registrars have the same IP address whitelisted, the server always has to wait for the <login> until it knows which registrar has connected. That is, unless client certificates are also in play, as suggested by Patrick, but that's not a requirement in EPP, even if many registries are now requiring them.

In addition, while a TCP client needs to establish a connection before sending the EPP Login command since the transport protocol is connection-oriented, an HTTP client doesn't need to do so because the protocol is not connection-oriented (even if it uses connections). So why should an HTTP client be required to send a useless HTTP request? Just to operate in the same way as EPP over TCP? It's nonsense.

With regard to the compliance with RFC5730, the only difference with the proposed approach is that a client MAY send a Hello via POST before sending a Login. Anyway, the EPP session starts after a successful Login as defined in RFC5730 itself.

Obtaining the <greeting> (which, in case of connection-less operation, is actually supposed to be triggered by the client's <hello>) before <login> isn't useless – the greeting contains information like object/extension URIs that can be used by the client to select a proper supported object/extension implementation before sending the <login> (in which that support is declared). So, for HTTP, it makes sense to require the client's <hello> so that the server's <greeting> can be sent as the response to a proper initial request (rather than, say, an awkward empty POST, or a GET request).

The point is that sending a Hello before a Login is optional. If you are already perfectly aware of the services provided by the server, why should you submit a Hello to discover them?


In fact, if memory serves, ITNIC's *current* EPP-over-HTTP implementation *requires* a <hello> as the start of any EPP session.

Not at all.

For sure, the .it implementation has never required sending a Hello before a Login. EPP sessions have always been started after a Login.

Trust me ;-)


Mario


Best regards,

Thomas

--
Dr. Mario Loffredo
Technological Unit “Digital Innovation”
Institute of Informatics and Telematics (IIT)
National Research Council (CNR)
via G. Moruzzi 1, I-56124 PISA, Italy
Phone: +39.0503153497
Web: http://www.iit.cnr.it/mario.loffredo

_______________________________________________
regext mailing list
regext@ietf.org
https://www.ietf.org/mailman/listinfo/regext
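
Added example, not part of the original message and not code from any registry or registrar: how a client can use the object and extension URIs in a `<greeting>`'s `<svcMenu>` to decide what to declare in the `<svcs>` of its `<login>`, the use of the greeting discussed in the thread. The sample greeting (abridged, `<dcp>` omitted) and the client capability lists are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"e": "urn:ietf:params:xml:ns:epp-1.0"}  # EPP namespace (RFC 5730)

# Constructed sample <greeting>, abridged (<dcp> omitted); not captured from any server.
SAMPLE_GREETING = """<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
  <greeting>
    <svID>Example EPP server</svID>
    <svDate>2022-03-31T17:00:00.0Z</svDate>
    <svcMenu>
      <version>1.0</version>
      <lang>en</lang>
      <objURI>urn:ietf:params:xml:ns:domain-1.0</objURI>
      <objURI>urn:ietf:params:xml:ns:contact-1.0</objURI>
      <svcExtension>
        <extURI>urn:ietf:params:xml:ns:secDNS-1.1</extURI>
      </svcExtension>
    </svcMenu>
  </greeting>
</epp>"""

# Hypothetical client capabilities: the mappings this client implements.
CLIENT_OBJ = ["urn:ietf:params:xml:ns:domain-1.0", "urn:ietf:params:xml:ns:host-1.0"]
CLIENT_EXT = ["urn:ietf:params:xml:ns:secDNS-1.1", "urn:ietf:params:xml:ns:rgp-1.0"]

def parse_svc_menu(greeting_xml):
    """Return (objURIs, extURIs) advertised in the greeting's <svcMenu>."""
    root = ET.fromstring(greeting_xml)
    menu = root.find("e:greeting/e:svcMenu", NS)
    if menu is None:
        raise ValueError("not an EPP <greeting>: no <svcMenu>")
    objs = [e.text.strip() for e in menu.findall("e:objURI", NS)]
    exts = [e.text.strip() for e in menu.findall("e:svcExtension/e:extURI", NS)]
    return objs, exts

def build_login_svcs(greeting_xml, client_obj=CLIENT_OBJ, client_ext=CLIENT_EXT):
    """Build the <svcs> fragment of <login> from URIs both sides support."""
    srv_obj, srv_ext = parse_svc_menu(greeting_xml)
    svcs = ET.Element("svcs")  # fragment; embed it in a <login> in the EPP namespace
    for uri in (u for u in client_obj if u in srv_obj):
        ET.SubElement(svcs, "objURI").text = uri
    common_ext = [u for u in client_ext if u in srv_ext]
    if common_ext:  # <svcExtension> is optional; omit it when nothing is shared
        ext = ET.SubElement(svcs, "svcExtension")
        for uri in common_ext:
            ET.SubElement(ext, "extURI").text = uri
    return ET.tostring(svcs, encoding="unicode")
```

A client that skips the `<hello>` would have to hard-code the same lists and would only learn of a mismatch from the server's response to `<login>`.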
