Uploaded image for project: 'Drivers'
  1. Drivers
  2. DRIVERS-707

Support shorter SCRAM conversation

    XMLWordPrintable

    Details

    • Type: Epic
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: FY20Q3
    • Component/s: None
    • Labels:
      None
    • Epic Name:
      Reduce network call for security protocols
    • SERVER fixVersion:
      4.4

      Description

      Epic Summary

       

      Summary

      This project will shorten the SCRAM conversation between client and server. The SCRAM handshake involves the following steps:

      1. The client advertises the name of the user it wishes to authenticate as.
      2. The server replies with user-specific mechanism parameters
      3. The client sends a proof of knowledge derived from the parameters and the password.
      4. The server replies with a proof that it knew the password.
      5. The client sends an empty message.
      6. The server replies with an empty message, along with the

        {done: true}

        flag.

      We will remove steps 5 and 6, and the server will advertise

      {done: true}

      in step 4.

      Clients can opt into the shorter SCRAM conversation with the following saslStart command:

      {
        saslStart: 1,
        mechanism: 'SCRAM-SHA-256',
        options: { skipEmptyExchange: true },
        payload: '...',
      }
      

      Note that older server versions will ignore the options, so no wire version check is required. The options can be sent to all server versions. Older server versions will just continue to use the longer SASL conversations, so clients needing to authenticate to pre-4.4 servers have to be able to handle both types of exchanges. 

      Documentation

      Relevant spec change

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              backlog-server-pm Backlog - Core Eng Program Management Team
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: