To:
ietf-provreg@cafax.se
From:
"Liu, Hong" <Hong.Liu@neustar.biz>
Date:
Mon, 5 Aug 2002 11:19:20 -0500
Sender:
owner-ietf-provreg@cafax.se
Subject:
RE: Login Failure and Sessions
Scott, I agree with Patrick that this is a server policy issue. The protocol should not specify the exact value of N. --Hong -----Original Message----- From: Patrick [mailto:patrick@gandi.net] Sent: Monday, August 05, 2002 10:55 AM To: ietf-provreg@cafax.se Subject: Re: Login Failure and Sessions On Mon, Aug 05, 2002 at 09:52:59AM -0400, Hollenbeck, Scott took time to write: > I'm working on putting a state diagram in the EPP draft per a last-call > comment from our AD. While working through this I came across something > that we haven't captured in the documents: what should a server do in case > of a login failure due to bogus credentials? > > My preference would be for consistent behavior across all transports. I see > a few options for dealing with login failures: I think that this is a policy issue. The protocol should only state that the server MAY close the connection after login failure, so that the client knows he must deal with this case. Of course following commands (in such case as the one you describe with an email containing login-commands-lougout) are not processed, and discarded by the server. Other than that, it should be up to each Registry to see if they prefer to close the connection, limit the number of attempts or do not limit anything. Patrick.