Re: [Lurk] lurk@Hackathon102

Daniel Migault <daniel.migault@ericsson.com> Fri, 08 June 2018 14:04 UTC

In-Reply-To: <CAMb9nTu+pbrXdwqAxzgX7KtLG6Nco46SWMBJs5zqWB84knoztA@mail.gmail.com>
References: <CADZyTk=8KkS0rGneKAiTgW79BgsDSU08B7VvJZQ234B9wmSWQA@mail.gmail.com> <CAMb9nTu+pbrXdwqAxzgX7KtLG6Nco46SWMBJs5zqWB84knoztA@mail.gmail.com>
From: Daniel Migault <daniel.migault@ericsson.com>
Date: Fri, 8 Jun 2018 10:04:40 -0400
Message-ID: <CADZyTknCL71ecVwHj0jchL1xhY844M11SR1Uk3awschXiC+dcQ@mail.gmail.com>
To: Ori Finkelman <orif@qwilt.com>
Cc: LURK BoF <lurk@ietf.org>, sanjay.mishra=40verizon.com@dmarc.ietf.org, Dmitry Kravkov <dmitryk@qwilt.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/lurk/3we2rVIP3-IXOvviGhxfS2sJj5c>
Subject: Re: [Lurk] lurk@Hackathon102
List-Id: Limited Use of Remote Keys <lurk.ietf.org>

Thanks for the feedback, Ori,

On Thu, Jun 7, 2018 at 5:15 AM, Ori Finkelman <orif@qwilt.com> wrote:

> Hi Daniel and Sanjay,
>
> Some of the goals we may aim to achieve in the IETF102 Hackathon (some are
> already under development)
> + A CLurk OpenSSL implementation (ongoing work)
>

I agree a C implementation is very important. At the current stage the client
side is more important than the server side, as we need it for an
integration with OpenSSL, for example.

> + Nginx integration (ongoing work)
>    - benchmark for session establishment, CPU and latency
> + Possibly a second cache server reference integration. ATS and Varnish
> are good candidates
> + A second LURK server implementation, preferably using a more performant
> language than Python, possibly Go or Java.
>

Just to mention, there is a Java implementation of a Key Server [1]. It
implements a previous version of LURK, so it might be a good starting
point.
Note that to improve the performance of pylurk, we may also consider moving
from construct 2.8 to construct 2.9, which adds a compilation feature [2].
Note that defining structures with Kaitai [3] would enable sharing those with
Go, Java, C++, Python implementations..., so that may also be considered.
Consideration of SGX would also be important, I believe.



> + Management model and API for the LURK key server, Daniel proposed YANG,
> is there a re need for an I-D for that ?
>

I agree it would be useful to have a common configuration interface
among the various implementations.

> + HA model
>   - What should be the HA model ?
>   - Load balancer ?
>   - Configuring the LURK client with multiple LURK server addresses ?
>

That would be interesting. Probably the reflection should be described in an
informational document. I would envision HA working a bit like DNS, where the
LURK Client, being provided multiple addresses (or FQDN), can select the
LURK Server either using round robin, given the capabilities of the LURK
Server or the ping measurement.


[1] https://github.com/mami-project/KeyServer
[2] https://construct.readthedocs.io/en/latest/compilation.html
[3] http://kaitai.io/



> Thanks,
> Ori
>
> On Wed, May 23, 2018 at 8:28 PM, Daniel Migault <daniel.migault@ericsson.com> wrote:
>
>> Thanks Sanjay for raising this point.
>>
>> Since we now have at least a second implementation of lurk, it would be
>> good to proceed to interoperability test.
>>
>> Other things that come to my mind are:
>> * Editing vector tests for future implementations.
>> * Designing some performance measurements
>>
>> As far as pylurk is concerned there are multiple points we could focus
>> on:
>> * lurk client - server communication:
>> ** UDP multithreading
>> ** UDP/DTLS
>> ** TCP
>> ** TCP/TLS
>> ** HTTPS
>> * updating construct to construct 2.9
>> * ....
>>
>> I am happy to take any comments / feedback and add items as they come
>> to my mind.
>>
>> Yours,
>> Daniel
>>
>>
>>
>> On Tue, May 22, 2018 at 11:24 PM, <sanjay.mishra=40verizon.com@dmarc.ietf.org> wrote:
>>
>>> To add to Daniel’s update, there are plans to bring an early
>>> implementation at the Hackathon in Montreal (IETF102). Please feel free to
>>> reach out to Daniel, Dmitry or me for any implementation related questions.
>>>
>>>
>>>
>>> -Sanjay
>>>
>>>
>>>
>>> *From:* Lurk [mailto:lurk-bounces@ietf.org] *On Behalf Of* Daniel Migault
>>> *Sent:* Friday, May 18, 2018 11:12 AM
>>> *To:* LURK BoF <lurk@ietf.org>
>>> *Subject:* [E] [Lurk] pylurk
>>>
>>>
>>>
>>> Hi,
>>>
>>>
>>>
>>> We are happy to let you know that we have been able to publish our
>>> implementation of pylurk on github [1] as well as on pypi [2].
>>>
>>>
>>>
>>> This is an early implementation of draft-mglt-lurk-lurk [3] and
>>> draft-mglt-lurk-tls12 [4]. We expect to update the drafts to reflect our
>>> findings while implementing soon.
>>>
>>>
>>>
>>> If you encounter any issue or have any question, feel free to raise your
>>> concern and of course any comment / feedback is appreciated!
>>>
>>>
>>>
>>> Yours,
>>>
>>> Daniel
>>>
>>>
>>>
>>> [1] https://github.com/mglt/pylurk
>>>
>>> [2] https://pypi.org/project/pylurk/
>>>
>>> [3] https://datatracker.ietf.org/doc/draft-mglt-lurk-lurk/
>>>
>>> [4] https://github.com/mglt/draft-mglt-lurk-tls12/blob/master/draft-mglt-lurk-tls12.mkd
>>>
>>>
>>>
>>> _______________________________________________
>>> Lurk mailing list
>>> Lurk@ietf.org
>>> https://www.ietf.org/mailman/listinfo/lurk
>>>
>>>
>>
>
>
> --
>
> *Ori Finkelman*Qwilt | Work: +972-72-2221647 | Mobile: +972-52-3832189 |
> orif@qwilt.com
>
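
A sketch of the client-side selection described in the HA reply above (round robin, server capabilities, ping measurement), added here as an example and not taken from pylurk or the LURK drafts. The class names, capability labels, addresses and RTT values are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class LurkServer:
    address: str              # FQDN or IP literal configured on the LURK Client
    capabilities: frozenset   # labels the server advertised (constructed names)
    rtt_ms: Optional[float]   # last ping measurement; None means no answer


class ServerSelector:
    """Pick one LURK Server out of several configured addresses."""

    POLICIES = ("round_robin", "lowest_rtt")

    def __init__(self, servers, policy="round_robin"):
        if policy not in self.POLICIES:
            raise ValueError(f"unknown policy: {policy}")
        self.servers = list(servers)
        self.policy = policy
        self._cursor = 0

    def candidates(self, required):
        # Keep only servers that answered the last ping and that offer
        # every capability the pending request needs.
        need = frozenset(required)
        return [s for s in self.servers
                if s.rtt_ms is not None and need <= s.capabilities]

    def select(self, required=()):
        pool = self.candidates(required)
        if not pool:
            # Fail closed: the caller aborts the handshake instead of
            # sending the request to a server that cannot serve it.
            raise LookupError("no reachable LURK Server offers the request")
        if self.policy == "lowest_rtt":
            return min(pool, key=lambda s: s.rtt_ms)
        choice = pool[self._cursor % len(pool)]
        self._cursor += 1
        return choice


# Constructed sample configuration: three addresses, one of them unreachable.
SAMPLE_SERVERS = [
    LurkServer("ks1.example.net", frozenset({"tls12"}), 12.0),
    LurkServer("ks2.example.net", frozenset({"tls12", "ecdhe"}), 4.5),
    LurkServer("ks3.example.net", frozenset({"tls12", "ecdhe"}), None),
]
```
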