[DRIVERS-2591] Pipeline first command with last step of the authentication handshake
Created: 30/Mar/23  Updated: 04/Apr/23  Resolved: 04/Apr/23

Status: Closed
Project: Drivers
Component/s: FaaS
Fix Version/s: None

Type: Improvement
Priority: Unknown
Reporter: Shane Harvey
Assignee: Unassigned
Resolution: Won't Fix
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
Driver Changes: Needed

 Description   

Summary

Related to DRIVERS-2526. Current MongoDB 6.0 drivers require 6 roundtrips with SCRAM auth to get the first command result:

  1. TCP
  2. TLS ClientHello
  3. TLS ClientKeyExchange
  4. hello
  5. saslStart skipEmptyExchange=True (skipped if speculative auth on hello succeeded DRIVERS-918 MongoDB 4.4)
  6. saslContinue
  7. saslContinue (skipped if skipEmptyExchange works DRIVERS-707 MongoDB 4.4)
  8. find command

We can shave off one more round-trip by pipelining the command with the last step of the authentication handshake, again using SCRAM as an example:

  1. TCP
  2. TLS ClientHello
  3. TLS ClientKeyExchange
  4. hello
  5. saslStart + skipEmptyExchange=False (skipped if speculative auth on hello succeeded DRIVERS-918 MongoDB 4.4)
  6. pipeline saslContinue + saslContinue + find
    1. send saslContinue + saslContinue on the connection and assume that auth succeeds without reading the response.
    2. return the connection normally
    3. serialize find command
    4. send the find command
    5. read the first saslContinue response
    6. read the second saslContinue response
    7. read the find response

Concerns:

  • jeff.yemin@mongodb.com asks "Might there be security concerns with sending data before auth succeeds? I thought there was some sort of mutual authentication implied in some of the auth mechanisms."

Motivation

Reduce the time required for an app to get the first command result.


 Comments   
Comment by Shane Harvey [ 04/Apr/23 ]

I spoke to spencer.jackson@mongodb.com about this idea and he confirmed that SCRAM provides mutual authentication (the client validates the server's signature). I'm closing this ticket as sending application data before auth succeeds would introduce new security risks.
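
Added example, not part of the ticket or of any MongoDB driver: the client-side server-signature check that the mutual-authentication point above refers to, written as generic RFC 5802/7677 SCRAM-SHA-256. The nonces, salt, password and the `release_first_command` gate are constructed for illustration, and SASLprep is omitted (ASCII password assumed).

```python
import base64
import hashlib
import hmac
from typing import Optional

def salted_password(password: str, salt: bytes, iterations: int) -> bytes:
    # RFC 5802 Hi() is PBKDF2-HMAC; SASLprep is skipped (ASCII password assumed).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def server_signature(salted: bytes, auth_message: str) -> bytes:
    # ServerKey = HMAC(SaltedPassword, "Server Key"); signature = HMAC(ServerKey, AuthMessage)
    server_key = hmac.new(salted, b"Server Key", hashlib.sha256).digest()
    return hmac.new(server_key, auth_message.encode(), hashlib.sha256).digest()

def server_is_authentic(password: str, salt: bytes, iterations: int,
                        auth_message: str, server_final: str) -> bool:
    # server-final-message is "v=<base64 signature>" on success, "e=<error>" on failure.
    if not server_final.startswith("v="):
        return False
    try:
        received = base64.b64decode(server_final[2:], validate=True)
    except ValueError:  # binascii.Error subclasses ValueError
        return False
    expected = server_signature(salted_password(password, salt, iterations), auth_message)
    return hmac.compare_digest(received, expected)

def release_first_command(command: bytes, server_final: str, **scram) -> Optional[bytes]:
    # Hypothetical gate: the command reaches the socket only after the check passes.
    return command if server_is_authentic(server_final=server_final, **scram) else None

# Constructed sample exchange, not captured from a real deployment.
SALT, ITERATIONS = b"constructed-salt", 4096
SERVER_FIRST = f"r=cnoncesnonce,s={base64.b64encode(SALT).decode()},i={ITERATIONS}"
AUTH_MESSAGE = f"n=app,r=cnonce,{SERVER_FIRST},c=biws,r=cnoncesnonce"
SCRAM = dict(password="pencil", salt=SALT, iterations=ITERATIONS, auth_message=AUTH_MESSAGE)

def final_from(password: str) -> str:
    # What a server holding credentials derived from `password` would send back.
    sig = server_signature(salted_password(password, SALT, ITERATIONS), AUTH_MESSAGE)
    return "v=" + base64.b64encode(sig).decode()

GENUINE_FINAL = final_from("pencil")
IMPOSTOR_FINAL = final_from("not-the-password")  # endpoint without the stored keys

if __name__ == "__main__":
    find = b'{"find": "accounts", "filter": {"owner": "constructed"}}'
    print("genuine :", release_first_command(find, GENUINE_FINAL, **SCRAM))
    print("impostor:", release_first_command(find, IMPOSTOR_FINAL, **SCRAM))
```

With the pipelined ordering from the description, the find is written before the saslContinue response is read, so this gate would run only after the command had already left the client.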

Comment by Tom Selander [ 04/Apr/23 ]

shane.harvey@mongodb.com Can you look at jeff.yemin@mongodb.com's concern in the description above and see if you can address it?
