Hello Mario,
On 3/31/22 17:36, Mario Loffredo wrote:
Starting an HTTP session when receiving an EPP command other than the
Login command is in .it experience (but I can speak on behalf of .pl too)
very inefficient because you can't immediately lock the HTTP session to
the Registrar.
Ok, but plain TCP implementations have the same problem. Unless the
registry requires that no two registrars have the same IP address
whitelisted, the server always has to wait for the <login> until it knows
which registrar has connected. That is, unless client certificates are
also in play, as suggested by Patrick, but that's not a requirement in
EPP, even if many registries are now requiring them.
In addition, while TCP client needs to establish a connection before
sending the EPP Login command since the transport protocol is
connection-oriented, an HTTP client doesn't need to do because the
protocol is not connection-oriented (even if it uses connections). So why
should an HTTP client be required to send a useless HTTP request? Just to
operate in the same way of EPP over TCP? It's a nonsense.
With regard to the compliance with RFC5730, the only difference with the
proposed approach is that a client MAY send an Hello via POST before
sending a Login. Anyway, the EPP session starts after a successful Login
as defined in RFC5730 itself.
Obtaining the <greeting> (which, in case of connection-less operation, is
actually supposed to be triggered by the client's <hello>) before <login>
isn't useless – the greeting contains information like object/extension
URIs that can be used by the client to select a proper supported
object/extension implementation before sending the <login> (in which that
support is declared). So, for HTTP, it makes sense to require the
client's <hello> so that the server's <greeting> can be sent as the
response to a proper initial request (rather than, say, an awkward empty
POST, or a GET request).
In fact, it memory serves, ITNIC's *current* EPP-over-HTTP implementation
*requires* a <hello> as the start of any EPP session.
Best regards,
Thomas
--
TANGO REGISTRY SERVICES® is a product of:
Knipp Medien und Kommunikation GmbH
Technologiepark Phone: +49 231 9703-222
Martin-Schmeisser-Weg 9 Fax: +49 231 9703-200
D-44227 Dortmund E-Mail: [email protected]
Germany
_______________________________________________
regext mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/regext
