IETF provreg mailing list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: "Ietf-Provreg (E-mail)" <ietf-provreg@cafax.se>
From: Robert Burbidge <robert.burbidge@poptel.coop>
Date: Mon, 8 Apr 2002 10:44:07 +0100
Sender: owner-ietf-provreg@cafax.se
Subject: Session and session-less commands in EPP

draft-ietf-provreg-epp-06.txt, Section 2.8.1

Session and session-less operation
==================================

"Session-oriented and session-less operating modes MUST NOT be mixed".
Intuitively I think you mean that the two modes cannot be mixed within the
same "session" (to use the term "session" in its most generic sense).
However, consider the following outline sequence of EPP commands and
responses

1 C: <hello>....
  S: <greeting>...
2 C: <command><creds>...</creds><check>...</check></command>
  S: <response>...</response>
3 C: <command><creds>...</creds><login>...</login></command>
  S: <response>...</response>
4 C: <command><check>...</check></command>
  S: <response>...</response>
5 C: <command><logout></logout></command>
  S: <response>...</response>

In this sequence, the <check> command [2] contains its own credentials and
it has not logged in, which seems fair. The <login> command [3] then
provides credentials, and these are used by the second check command [4]. As
far as I can see, this is completely in accordance with the specification.
But as you can see it mixes "sessioned" and "session-free" operations. We
might stipulate that a <login> command MUST be the first command after
<hello> if a client wants to use session operations. But I don't think
that's particularly desirable.

<logout> command
================

"Commands other than the login command MUST NOT include identity credentials
when submitted after successfully processing a <login> command". This is
reasonable. However, what happens AFTER a <logout> command? The presumably
releases the credential set at the server end. Would it be possible to send
a <command> that includes <creds> after a successful <logout>? If the
command sequence outlined above is valid, then a sense of symmetry would
suggest that the answer is "yes", but this would be in conflict with the
quoted statement above. 

According to draft-ietf-provreg-epp-tcp-04.txt, "an EPP session is nominally
ended by the client issuing an EPP <logout> command. A server receiving an
EPP <logout> command  MUST end the EPP session and close the TCP
session...". This would seem to preclude <command> elements with <creds>
after a <logout> command. A similar comment is found in the BEEP protocol
mapping.

Does anyone have any thoughts on this?

Follow-Ups:
- Re: Session and session-less commands in EPP
  - From: Eric Brunner-Williams in Portland Maine <brunner@nic-naa.net>

Prev by Date: EPP/TCP session layer
Next by Date: Re: EPP/TCP session layer
Prev by thread: RE: EPP/TCP session layer
Next by thread: Re: Session and session-less commands in EPP
Index(es):
- Date
- Thread

Home | Date list | Subject list