Uploaded image for project: 'Drivers'
  1. Drivers
  2. DRIVERS-2591

Pipeline first command with last step of the authentication handshake

XMLWordPrintableJSON

    • Type: Icon: Improvement Improvement
    • Resolution: Won't Fix
    • Priority: Icon: Unknown Unknown
    • None
    • Component/s: FaaS
    • Labels:
      None
    • Needed

      Summary

      Related to DRIVERS-2526. Current MongoDB 6.0 drivers require 6 roundtrips with SCRAM auth to get the first command result:

      1. TCP
      2. TLS ClientHello
      3. TLS ClientKeyExchange
      4. hello
      5. saslStart skipEmptyExchange=True (skipped if speculative auth on hello succeeded DRIVERS-918 MongoDB 4.4)
      6. saslContinue
      7. saslContinue (skipped if skipEmptyExchange works DRIVERS-707 MongoDB 4.4)
      8. find command

      We can shave off one more round-trip by pipelining the command with the last step of the authentication handshake, again using SCRAM as an example:

      1. TCP
      2. TLS ClientHello
      3. TLS ClientKeyExchange
      4. hello
      5. saslStart + skipEmptyExchange=False (skipped if speculative auth on hello succeeded DRIVERS-918 MongoDB 4.4)
      6. pipeline saslContinue + saslContinue + find
        1. send saslContinue + saslContinue on the connection and assume that auth succeeds without reading the response.
        2. return the connection normally
        3. serialize find command
        4. send the find command
        5. read the first saslContinue response
        6. read the second saslContinue response
        7. read the find response

      Concerns:

      • jeff.yemin@mongodb.com asks "Might there be security concerns with sending data before auth succeeds? I thought there was some sort of mutual authentication implied in some of the auth mechanisms."

      Motivation

      Reduce the time required for an app to get the first command result.

      Who is the affected end user?

      Who are the stakeholders?

      How does this affect the end user?

      Are they blocked? Are they annoyed? Are they confused?

      How likely is it that this problem or use case will occur?

      Main path? Edge case?

      If the problem does occur, what are the consequences and how severe are they?

      Minor annoyance at a log message? Performance concern? Outage/unavailability? Failover can't complete?

      Is this issue urgent?

      Does this ticket have a required timeline? What is it?

      Is this ticket required by a downstream team?

      Needed by e.g. Atlas, Shell, Compass?

      Is this ticket only for tests?

      Does this ticket have any functional impact, or is it just test improvements?

      Acceptance Criteria

      What specific requirements must be met to consider the design phase complete?

            Assignee:
            Unassigned Unassigned
            Reporter:
            shane.harvey@mongodb.com Shane Harvey
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: