<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 08:25:57 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[DRIVERS-2591] Pipeline first command with last step of the authentication handshake</title>
                <link>https://jira.mongodb.org/browse/DRIVERS-2591</link>
                <project id="10980" key="DRIVERS">Drivers</project>
                    <description>&lt;div class=&quot;panel&quot; style=&quot;background-color: #fafbfc;border-color: #21313c;border-style: solid;border-width: 1px;&quot;&gt;&lt;div class=&quot;panelContent&quot; style=&quot;background-color: #fafbfc;&quot;&gt;
&lt;h3&gt;&lt;a name=&quot;Summary&quot;&gt;&lt;/a&gt;&lt;b&gt;Summary&lt;/b&gt;&lt;/h3&gt;
&lt;p&gt;Related to DRIVERS-2526. Current MongoDB 6.0 drivers require 6 roundtrips with SCRAM auth to get the first command result:&lt;/p&gt;
&lt;ol&gt;
	&lt;li&gt;TCP&lt;/li&gt;
	&lt;li&gt;TLS ClientHello&lt;/li&gt;
	&lt;li&gt;TLS ClientKeyExchange&lt;/li&gt;
	&lt;li&gt;hello&lt;/li&gt;
	&lt;li&gt;saslStart skipEmptyExchange=True (skipped if speculative auth on hello succeeded DRIVERS-918 MongoDB 4.4)&lt;/li&gt;
	&lt;li&gt;saslContinue&lt;/li&gt;
	&lt;li&gt;saslContinue (skipped if skipEmptyExchange works &lt;a href=&quot;https://jira.mongodb.org/browse/DRIVERS-707&quot; title=&quot;Support shorter SCRAM conversation&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DRIVERS-707&quot;&gt;&lt;del&gt;DRIVERS-707&lt;/del&gt;&lt;/a&gt; MongoDB 4.4)&lt;/li&gt;
	&lt;li&gt;find command&lt;/li&gt;
&lt;/ol&gt;


&lt;p&gt;We can shave off one more round-trip by pipelining the command with the last step of the authentication handshake, again using SCRAM as an example:&lt;/p&gt;
&lt;ol&gt;
	&lt;li&gt;TCP&lt;/li&gt;
	&lt;li&gt;TLS ClientHello&lt;/li&gt;
	&lt;li&gt;TLS ClientKeyExchange&lt;/li&gt;
	&lt;li&gt;hello&lt;/li&gt;
	&lt;li&gt;saslStart + skipEmptyExchange=False (skipped if speculative auth on hello succeeded DRIVERS-918 MongoDB 4.4)&lt;/li&gt;
	&lt;li&gt;pipeline saslContinue + saslContinue + find
	&lt;ol&gt;
		&lt;li&gt;send saslContinue + saslContinue on the connection and assume that auth succeeds without reading the response.&lt;/li&gt;
		&lt;li&gt;return the connection normally&lt;/li&gt;
		&lt;li&gt;serialize find command&lt;/li&gt;
		&lt;li&gt;send the find command&lt;/li&gt;
		&lt;li&gt;read the first saslContinue response&lt;/li&gt;
		&lt;li&gt;read the second saslContinue response&lt;/li&gt;
		&lt;li&gt;read the find response&lt;/li&gt;
	&lt;/ol&gt;
	&lt;/li&gt;
&lt;/ol&gt;


&lt;p&gt;Concerns:&lt;/p&gt;
&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=jeff.yemin%40mongodb.com&quot; class=&quot;user-hover&quot; rel=&quot;jeff.yemin@mongodb.com&quot;&gt;jeff.yemin@mongodb.com&lt;/a&gt; asks &quot;Might there be security concerns with sending data before auth succeeds? I thought there was some sort of mutual authentication implied in some of the auth mechanisms.&quot;&lt;/li&gt;
&lt;/ul&gt;


&lt;h3&gt;&lt;a name=&quot;Motivation&quot;&gt;&lt;/a&gt;&lt;b&gt;Motivation&lt;/b&gt;&lt;/h3&gt;

&lt;p&gt;Reduce the time required for an app to get the first command result. &lt;/p&gt;

&lt;h4&gt;&lt;a name=&quot;Whoistheaffectedenduser%3F&quot;&gt;&lt;/a&gt;Who is the affected end user?&lt;/h4&gt;
&lt;p&gt;&lt;em&gt;Who are the stakeholders?&lt;/em&gt;&lt;/p&gt;
&lt;h4&gt;&lt;a name=&quot;Howdoesthisaffecttheenduser%3F&quot;&gt;&lt;/a&gt;How does this affect the end user?&lt;/h4&gt;
&lt;p&gt;&lt;em&gt;Are they blocked? Are they annoyed? Are they confused?&lt;/em&gt;&lt;/p&gt;
&lt;h4&gt;&lt;a name=&quot;Howlikelyisitthatthisproblemorusecasewilloccur%3F&quot;&gt;&lt;/a&gt;How likely is it that this problem or use case will occur?&lt;/h4&gt;
&lt;p&gt;&lt;em&gt;Main path? Edge case?&lt;/em&gt;&lt;/p&gt;
&lt;h4&gt;&lt;a name=&quot;Iftheproblemdoesoccur%2Cwhataretheconsequencesandhowseverearethey%3F&quot;&gt;&lt;/a&gt;If the problem does occur, what are the consequences and how severe are they?&lt;/h4&gt;
&lt;p&gt;&lt;em&gt;Minor annoyance at a log message? Performance concern? Outage/unavailability? Failover can&apos;t complete?&lt;/em&gt;&lt;/p&gt;
&lt;h4&gt;&lt;a name=&quot;Isthisissueurgent%3F&quot;&gt;&lt;/a&gt;Is this issue urgent?&lt;/h4&gt;
&lt;p&gt;&lt;em&gt;Does this ticket have a required timeline? What is it?&lt;/em&gt;&lt;/p&gt;
&lt;h4&gt;&lt;a name=&quot;Isthisticketrequiredbyadownstreamteam%3F&quot;&gt;&lt;/a&gt;Is this ticket required by a downstream team?&lt;/h4&gt;
&lt;p&gt;&lt;em&gt;Needed by e.g. Atlas, Shell, Compass?&lt;/em&gt;&lt;/p&gt;
&lt;h4&gt;&lt;a name=&quot;Isthisticketonlyfortests%3F&quot;&gt;&lt;/a&gt;Is this ticket only for tests?&lt;/h4&gt;
&lt;p&gt;&lt;em&gt;Does this ticket have any functional impact, or is it just test improvements?&lt;/em&gt;&lt;/p&gt;
&lt;h3&gt;&lt;a name=&quot;AcceptanceCriteria&quot;&gt;&lt;/a&gt;&lt;b&gt;Acceptance Criteria&lt;/b&gt;&lt;/h3&gt;
&lt;p&gt;&lt;em&gt;What specific requirements must be met to consider the design phase complete?&lt;/em&gt;&lt;/p&gt;
&lt;/div&gt;&lt;/div&gt;</description>
                <environment></environment>
        <key id="2302959">DRIVERS-2591</key>
            <summary>Pipeline first command with last step of the authentication handshake</summary>
                <type id="4" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14710&amp;avatarType=issuetype">Improvement</type>
                                            <priority id="10300" iconUrl="https://jira.mongodb.org/images/icons/priorities/medium.svg">Unknown</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="2">Won&apos;t Fix</resolution>
                                        <assignee username="-1">Unassigned</assignee>
                                    <reporter username="shane.harvey@mongodb.com">Shane Harvey</reporter>
                        <labels>
                    </labels>
                <created>Thu, 30 Mar 2023 21:49:37 +0000</created>
                <updated>Tue, 4 Apr 2023 19:15:06 +0000</updated>
                            <resolved>Tue, 4 Apr 2023 19:15:06 +0000</resolved>
                                                        <component>FaaS</component>
                                        <votes>0</votes>
                                    <watches>4</watches>
                                                                                                                <comments>
                            <comment id="5324466" author="shane.harvey" created="Tue, 4 Apr 2023 19:15:06 +0000"  >&lt;p&gt;I spoke to &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=spencer.jackson%40mongodb.com&quot; class=&quot;user-hover&quot; rel=&quot;spencer.jackson@mongodb.com&quot;&gt;spencer.jackson@mongodb.com&lt;/a&gt; about this idea and he confirmed that SCRAM provides mutual authentication (the client validates the server&apos;s signature). I&apos;m closing this ticket as sending application data before auth succeeds would introduce new security risks. &lt;/p&gt;</comment>
                            <comment id="5323916" author="JIRAUSER1268808" created="Tue, 4 Apr 2023 16:42:06 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=shane.harvey%40mongodb.com&quot; class=&quot;user-hover&quot; rel=&quot;shane.harvey@mongodb.com&quot;&gt;shane.harvey@mongodb.com&lt;/a&gt; Can you look at &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=jeff.yemin%40mongodb.com&quot; class=&quot;user-hover&quot; rel=&quot;jeff.yemin@mongodb.com&quot;&gt;jeff.yemin@mongodb.com&lt;/a&gt; &apos;s concern in the description above and see if you can address it?&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                            <outwardlinks description="related to">
                                                        </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                            <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                    <customfield id="customfield_10951" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Driver Changes</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10748"><![CDATA[Needed]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|i1l1nk:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        </customfields>
    </item>
</channel>
</rss>