Re: [Lurk] lurk@Hackathon102
Daniel Migault <daniel.migault@ericsson.com> Fri, 08 June 2018 14:04 UTC
Return-Path: <mglt.ietf@gmail.com>
X-Original-To: lurk@ietfa.amsl.com
Delivered-To: lurk@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EAD85130EB0 for <lurk@ietfa.amsl.com>; Fri, 8 Jun 2018 07:04:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.587
X-Spam-Level:
X-Spam-Status: No, score=0.587 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.248, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RZ9c5ZpdaPo8 for <lurk@ietfa.amsl.com>; Fri, 8 Jun 2018 07:04:43 -0700 (PDT)
Received: from mail-lf0-x244.google.com (mail-lf0-x244.google.com [IPv6:2a00:1450:4010:c07::244]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2C835130E9D for <lurk@ietf.org>; Fri, 8 Jun 2018 07:04:43 -0700 (PDT)
Received: by mail-lf0-x244.google.com with SMTP id j13-v6so20255631lfb.13 for <lurk@ietf.org>; Fri, 08 Jun 2018 07:04:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=OjcnRnagW/Ay4oIUBg06eaY6IjXdv4R7uTV+JkkArnM=; b=hPRK+eIyEk7hDhlBBxGcdaYFQeMYkfMBDdSKpPUen3sM0W+3GkSU50P8KPTGZOvs+o VWjMd7qBvjAuVzt3LmONyhCpbALcAe6JE7GGmTiI3SRJi186cEPlbKPcP0026KGa/ncw 86Yh+yM7sg1bi+JaQr459EOQLNfy1y45G5hXPsDePhL71T6HL28ROQqdg7knZxPwzIKs 63HZs+GeZFbstJOli0MNRhIt2OyBbzobVbCqW885cxAgzpolfBymWMoHXJpv2r3GhoGY tjjjGvl5h9KzAvMs2G8AL68JMgnnaeBQrO0+iQb3Nw6S0uzCmW2mAdZsMWNOm6WDXYGP ruvg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=OjcnRnagW/Ay4oIUBg06eaY6IjXdv4R7uTV+JkkArnM=; b=C4wGLukt35MojOPQh+u/88wNnDQp6veygS2YuGyY6x++uZ0PbCITPMal3r1orNViEG xOF2DvyoAN3oBJ5BMRUYb1Y4x9Zg3DNhzXMtLrCgn1JoFo0a07xAsj8+3iLzpLDPjI1N N5J0F+gk/QlkpH89tGUm5/gJ2QSoqkLk4ytjsu+POc3ICq+9pqQm/ldlb0OtuZmdn8Rw OoUxtqfhOaVygoU691KnBKookCrc4nTXOlnaQ+HW7O9tfDdf4+eI+xmbQXUvKIEwzHy1 H6ZBlNvBp1L9ulorlc3ybhZyREmEH6z6Jjsccck29T6mrgRkXwH+0WgdfZ7ZJu6A3A6o T0Gw==
X-Gm-Message-State: APt69E0Tun7c/QwHO1Q1C/GjPRyvJIBCgwZamFnaHmdNQxSQwjBCqShd OEiijQwt4gBA6BpzLAm7AbXv3zEslgZHh6d356I=
X-Google-Smtp-Source: ADUXVKIHxNsXlj1EUU/xgEM/RUytvDJt/SMzHOO3m0gam7dgQ9q/y5l4Tn2/LozhqbMQKVbmt4QiQtwazxIRrD4CV00=
X-Received: by 2002:a19:14ca:: with SMTP id 71-v6mr4278243lfu.126.1528466681286; Fri, 08 Jun 2018 07:04:41 -0700 (PDT)
MIME-Version: 1.0
Sender: mglt.ietf@gmail.com
Received: by 2002:a2e:9857:0:0:0:0:0 with HTTP; Fri, 8 Jun 2018 07:04:40 -0700 (PDT)
In-Reply-To: <CAMb9nTu+pbrXdwqAxzgX7KtLG6Nco46SWMBJs5zqWB84knoztA@mail.gmail.com>
References: <CADZyTk=8KkS0rGneKAiTgW79BgsDSU08B7VvJZQ234B9wmSWQA@mail.gmail.com> <CAMb9nTu+pbrXdwqAxzgX7KtLG6Nco46SWMBJs5zqWB84knoztA@mail.gmail.com>
From: Daniel Migault <daniel.migault@ericsson.com>
Date: Fri, 08 Jun 2018 10:04:40 -0400
X-Google-Sender-Auth: 8wKcIojeA6TFGSDV2ILkMkIwhjE
Message-ID: <CADZyTknCL71ecVwHj0jchL1xhY844M11SR1Uk3awschXiC+dcQ@mail.gmail.com>
To: Ori Finkelman <orif@qwilt.com>
Cc: LURK BoF <lurk@ietf.org>, sanjay.mishra=40verizon.com@dmarc.ietf.org, Dmitry Kravkov <dmitryk@qwilt.com>
Content-Type: multipart/alternative; boundary="00000000000096d5f0056e21e16c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/lurk/3we2rVIP3-IXOvviGhxfS2sJj5c>
Subject: Re: [Lurk] lurk@Hackathon102
X-BeenThere: lurk@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: Limited Use of Remote Keys <lurk.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lurk>, <mailto:lurk-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lurk/>
List-Post: <mailto:lurk@ietf.org>
List-Help: <mailto:lurk-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lurk>, <mailto:lurk-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Jun 2018 14:04:47 -0000
Thanks for the feed backs Ori, On Thu, Jun 7, 2018 at 5:15 AM, Ori Finkelman <orif@qwilt.com> wrote: > Hi Daniel and Sanjay, > > Some of the goals we may aim to achieve in the IETF102 Hackathon (some are > already under development) > + A CLurk OpenSSL implementation (ongoing work) > I agree c implementation is very important. At the current stage the client side is more important than the server side as we need it for an integration with openssl for example. + Nginx integration (ongoing work) > - benchmark for session establishment, CPU and latency > + Possibly a second cache server reference integration. ATS and Varnish > are good candidates > + A second LURK server implementation, preferably using a more performant > language than Python, possible Go or Java. > Just to mention there is a Java implementation of a Key Server [1]. It implements a previous version of LURK, so it might be a good starting point. Note that to improve the performance of pylurk, we may also consider moving from construct 2.8 to construct 2.9 which adds a compilation feature [2]. Note that defining structures with kaita [3] who enable sharing those with Go, Java, C++, Python implementations.... so that may also be considered. Consideration of SGX would also be important I believe. > + Management model and API for the LURK key server, Daniel proposed YANG, > is there a re need for an I-D for that ? > I agree that would be usefull to have a common configuration interface among the various implementations + HA model > - What should be the HA model ? > - Load balancer ? > - Configuring the LURK client with multiple LURK server addresses ? > > That would be interesting. Probably reflexion should be described in an informational document. I would envision HA working a bit like DNS, where LURK Client being provided multiple addresses ( or fqdn) , can select the LURK Server either using round robin, given the capabilities of the LURK Server or the ping measurement. [1] https://github.com/mami-project/KeyServer [2] https://construct.readthedocs.io/en/latest/compilation.html [3] http://kaitai.io/ > Thanks, > Ori > > On Wed, May 23, 2018 at 8:28 PM, Daniel Migault < > daniel.migault@ericsson.com> wrote: > >> Thanks Sanjay for raising this point. >> >> Since we now have at least a second implementation of lurk, it would be >> good to proceed to interoperability test. >> >> Other things that come to my mind are: >> * Editing vector tests for future implementations. >> * Designing some performance measurements >> >> As far as pylurk is concerned there are multiple points we could focused >> on: >> * lurk client - sevrer communication: >> ** UDP multithreading >> ** UDP/DTLS >> ** TCP >> ** TCP/TLS >> ** HTTPS >> * updating construct to construct 2.9 >> * .... >> >> I am happy to take any comments / feed backs and add items as they come >> to my mind. >> >> Yours, >> Daniel >> >> >> >> On Tue, May 22, 2018 at 11:24 PM, <sanjay.mishra=40verizon.com@d >> marc.ietf.org> wrote: >> >>> To add to Daniel’s update, there are plans to bring an early >>> implementation at the Hackathon in Montreal (IETF102). Please feel free to >>> reach out to Daniel, Dmitry or me for any implementation related questions. >>> >>> >>> >>> -Sanjay >>> >>> >>> >>> *From:* Lurk [mailto:lurk-bounces@ietf.org] *On Behalf Of *Daniel >>> Migault >>> *Sent:* Friday, May 18, 2018 11:12 AM >>> *To:* LURK BoF <lurk@ietf.org> >>> *Subject:* [E] [Lurk] pylurk >>> >>> >>> >>> Hi, >>> >>> >>> >>> We are happy to let you know that we have been able to publish our >>> implementation of pylurk on github [1] as well as on pypi [2]. >>> >>> >>> >>> This is an early implementation of draft-mglt-lurk-lurk [3] and >>> draft-mglt-lurk-tls12 [4]. We expect to update the drafts to reflects our >>> findings while implementing soon. >>> >>> >>> >>> If you encounter any issue or have any question, feel free to raise you >>> concern and of course any comment / feed back is appreciated! >>> >>> >>> >>> Yours, >>> >>> Daniel >>> >>> >>> >>> [1] https://github.com/mglt/pylurk >>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_mglt_pylurk&d=DwMFaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=XniVbishGiO2Ao9hKqSc-hTVIWCi3T-x6GdHR4ZTgoM&m=uDsnQIk-WRzcF3eSc7AqZKkP8rKw6ND7l2U5KtRdwa4&s=i1ej8GdJ7wGzzOQdya7-frDePvxHdsWal_wFv8FPvrk&e=> >>> >>> [2] https://pypi.org/project/pylurk/ >>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__pypi.org_project_pylurk_&d=DwMFaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=XniVbishGiO2Ao9hKqSc-hTVIWCi3T-x6GdHR4ZTgoM&m=uDsnQIk-WRzcF3eSc7AqZKkP8rKw6ND7l2U5KtRdwa4&s=9pcQpr-0ORpWkMClnhrqfYjkdMuawxmuwbv1XPVbIOQ&e=> >>> >>> [3] https://datatracker.ietf.org/doc/draft-mglt-lurk-lurk/ >>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__datatracker.ietf.org_doc_draft-2Dmglt-2Dlurk-2Dlurk_&d=DwMFaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=XniVbishGiO2Ao9hKqSc-hTVIWCi3T-x6GdHR4ZTgoM&m=uDsnQIk-WRzcF3eSc7AqZKkP8rKw6ND7l2U5KtRdwa4&s=EDP277NhIg5iAp5pA0fge8nKosSirLFL9yhXSiCOooQ&e=> >>> >>> [4] https://github.com/mglt/draft-mglt-lurk-tls12/blob/master/dr >>> aft-mglt-lurk-tls12.mkd >>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_mglt_draft-2Dmglt-2Dlurk-2Dtls12_blob_master_draft-2Dmglt-2Dlurk-2Dtls12.mkd&d=DwMFaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=XniVbishGiO2Ao9hKqSc-hTVIWCi3T-x6GdHR4ZTgoM&m=uDsnQIk-WRzcF3eSc7AqZKkP8rKw6ND7l2U5KtRdwa4&s=VB1TauZ4XA0SW09Out7EdlgKP64sTiG9oP9OQHmfRfg&e=> >>> >>> >>> >>> _______________________________________________ >>> Lurk mailing list >>> Lurk@ietf.org >>> https://www.ietf.org/mailman/listinfo/lurk >>> >>> >> >> _______________________________________________ >> Lurk mailing list >> Lurk@ietf.org >> https://www.ietf.org/mailman/listinfo/lurk >> >> > > > -- > > *Ori Finkelman*Qwilt | Work: +972-72-2221647 | Mobile: +972-52-3832189 | > orif@qwilt.com > > _______________________________________________ > Lurk mailing list > Lurk@ietf.org > https://www.ietf.org/mailman/listinfo/lurk > >
- Re: [Lurk] [E] Re: lurk@Hackathon102 Daniel Migault
- Re: [Lurk] [E] Re: lurk@Hackathon102 sanjay.mishra
- Re: [Lurk] lurk@Hackathon102 Ori Finkelman
- Re: [Lurk] lurk@Hackathon102 Daniel Migault
- [Lurk] lurk@Hackathon102 Daniel Migault