Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

va: wait for all remote results before returning #7809

Open
jsha opened this issue Nov 14, 2024 · 1 comment
Open

va: wait for all remote results before returning #7809

jsha opened this issue Nov 14, 2024 · 1 comment

Comments

@jsha
Copy link
Contributor

jsha commented Nov 14, 2024

Right now, if two remote VAs return errors before the other remote VAs complete validation, the local VA will cancel the remaining RPCs and return early to the RA. This is an optimization that may save us a little work and speed up responses in some cases.

However, it adds some complexity to our VA code. As we add code to align with the MPIC ballot, we're adding further complexity. It would be nice to reduce some complexity at the same time.

The BRs say:

The CA SHALL record at least the following events:
Multi‐Perspective Issuance Corroboration attempts from each Network Perspective,
minimally recording the following information:
• a. an identifier that uniquely identifies the Network Perspective used;
• b. the attempted domain name and/or IP address; and
• c. the result of the attempt (e.g., “domain validation pass/fail”, “CAA
permission/prohibition”).

While we could record the result of the canceled attempts as "canceled", it would be nicer to simply be consistent and wait for all results.

Historical note: for a long time we had the feature flag MultiVAFullResults to allow choosing this behavior. We deprecated it in June because we weren't using it, and removed it entirely this week. That's okay!

@aarongable
Copy link
Contributor

How we cancel things has been simplified by #7832

We decided to wait on the rest of this (removing the calls to cancel(), simplifying how we wait for and read results) until the MPIC work was complete; this can now be picked up at any time.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants