- Type: Improvement
- Resolution: Won't Fix
- Priority: Unknown
- None
- Component/s: FaaS
- None
- Needed
Summary
Related to DRIVERS-2526. Current MongoDB 6.0 drivers require 6 roundtrips with SCRAM auth to get the first command result:
- TCP
- TLS ClientHello
- TLS ClientKeyExchange
- hello
- saslStart skipEmptyExchange=True (skipped if speculative auth on hello succeeded DRIVERS-918 MongoDB 4.4)
- saslContinue
- saslContinue (skipped if skipEmptyExchange works DRIVERS-707 MongoDB 4.4)
- find command
We can shave off one more round-trip by pipelining the command with the last step of the authentication handshake, again using SCRAM as an example:
- TCP
- TLS ClientHello
- TLS ClientKeyExchange
- hello
- saslStart + skipEmptyExchange=False (skipped if speculative auth on hello succeeded DRIVERS-918 MongoDB 4.4)
- pipeline saslContinue + saslContinue + find
  - send saslContinue + saslContinue on the connection and assume that auth succeeds without reading the response.
  - return the connection normally
  - serialize find command
  - send the find command
  - read the first saslContinue response
  - read the second saslContinue response
  - read the find response
Concerns:
- jeff.yemin@mongodb.com asks "Might there be security concerns with sending data before auth succeeds? I thought there was some sort of mutual authentication implied in some of the auth mechanisms."
Motivation
Reduce the time required for an app to get the first command result.
Who is the affected end user?
Who are the stakeholders?
How does this affect the end user?
Are they blocked? Are they annoyed? Are they confused?
How likely is it that this problem or use case will occur?
Main path? Edge case?
If the problem does occur, what are the consequences and how severe are they?
Minor annoyance at a log message? Performance concern? Outage/unavailability? Failover can't complete?
Is this issue urgent?
Does this ticket have a required timeline? What is it?
Is this ticket required by a downstream team?
Needed by e.g. Atlas, Shell, Compass?
Is this ticket only for tests?
Does this ticket have any functional impact, or is it just test improvements?
Acceptance Criteria
What specific requirements must be met to consider the design phase complete?
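The concern quoted in the Summary, about sending data before auth succeeds, can be made concrete with an added example (not code from this ticket or from any MongoDB driver). It assumes the SCRAM-SHA-256 layout of RFC 5802/7677, where the server proves knowledge of the credentials with the ServerSignature in its server-final message, which is the reply to the first saslContinue. The function name `handshake`, the event strings, and the nonce, salt and password values are constructed for illustration.

```python
import base64
import hashlib
import hmac

def _hmac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def server_key(password: str, salt: bytes, iters: int) -> bytes:
    # RFC 5802: SaltedPassword = Hi(password, salt, i)
    #           ServerKey      = HMAC(SaltedPassword, "Server Key")
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iters)
    return _hmac(salted, b"Server Key")

def handshake(client_password: str, server_password: str, pipeline: bool):
    """Simulate the tail of the SCRAM conversation in memory (no network).

    Returns (events, verified): the ordered client actions and whether the
    client accepted the server's signature.
    """
    # Constructed sample values, fixed so the run is deterministic.
    salt, iters = b"constructed-salt", 4096
    client_first_bare = "n=app,r=clientnonce"
    server_first = "r=clientnonceservernonce,s=%s,i=%d" % (
        base64.b64encode(salt).decode(), iters)
    client_final_no_proof = "c=biws,r=clientnonceservernonce"
    auth_message = ",".join(
        [client_first_bare, server_first, client_final_no_proof]).encode()

    # server-final carries v=ServerSignature. A peer that does not hold the
    # user's credentials (modelled here by a different password) cannot compute it.
    server_signature = _hmac(server_key(server_password, salt, iters), auth_message)
    expected = _hmac(server_key(client_password, salt, iters), auth_message)

    # ClientProof is omitted: this example only checks the server side.
    events = ["send saslContinue (client-final)"]
    if pipeline:
        # Proposed flow: write both saslContinue messages and find, then read.
        events += ["send saslContinue (empty)", "send find"]
    verified = hmac.compare_digest(server_signature, expected)
    events.append("read server-final: signature " + ("ok" if verified else "MISMATCH"))
    if not pipeline and verified:
        # Sequential flow: nothing else is written until the server is verified.
        events += ["send saslContinue (empty)", "send find"]
    return events, verified

if __name__ == "__main__":
    for mode in (False, True):
        print("pipeline=%s" % mode, handshake("correct horse", "not the password", mode))
```

In the pipelined run against a peer that lacks the credentials, `send find` appears before the signature mismatch is detected; in the sequential run it never appears.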