<div dir="ltr"><div class="gmail_extra"><br><div class="gmail_quote">On Wed, May 21, 2014 at 10:41 AM, John Dickinson <span dir="ltr"><<a href="mailto:me@not.mn" target="_blank">me@not.mn</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Can you explain how PKI info is compressible? I thought it was encrypted, which should mean you can't compress it right?<br></blockquote><div><br></div><div>They're not encrypted - just signed and then base64 encoded. The JSON (and especially service catalog) is compressible prior to encoding.</div>
<div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<span class="HOEnZb"><font color="#888888"><br>
<br>
--John<br>
</font></span><div class="HOEnZb"><div class="h5"><br>
<br>
<br>
<br>
<br>
On May 21, 2014, at 8:32 AM, Morgan Fainberg <<a href="mailto:morgan.fainberg@gmail.com">morgan.fainberg@gmail.com</a>> wrote:<br>
<br>
> The keystone team is also looking at ways to reduce the data contained in the token. Coupled with the compression, this should get the tokens back down to a reasonable size.<br>
><br>
> Cheers,<br>
> Morgan<br>
><br>
> Sent via mobile<br>
><br>
> On Wednesday, May 21, 2014, Adam Young <<a href="mailto:ayoung@redhat.com">ayoung@redhat.com</a>> wrote:<br>
> On 05/21/2014 11:09 AM, Chuck Thier wrote:<br>
>> There is a review for swift [1] that is requesting to set the max header size to 16k to be able to support v3 keystone tokens. That might be fine if you measure you request rate in requests per minute, but this is continuing to add significant overhead to swift. Even if you *only* have 10,000 requests/sec to your swift cluster, an 8k token is adding almost 80MB/sec of bandwidth. This will seem to be equally bad (if not worse) for services like marconi.<br>
>><br>
>> When PKI tokens were first introduced, we raised concerns about the unbounded size of of the token in the header, and were told that uuid style tokens would still be usable, but all I heard at the summit, was to not use them and PKI was the future of all things.<br>
>><br>
>> At what point do we re-evaluate the decision to go with pki tokens, and that they may not be the best idea for apis like swift and marconi?<br>
><br>
> Keystone tokens were slightly shrunk at the end of the last release cycle by removing unnecessary data from each endpoint entry.<br>
><br>
> Compressed PKI tokens are enroute and will be much smaller.<br>
><br>
>><br>
>> Thanks,<br>
>><br>
>> --<br>
>> Chuck<br>
>><br>
>> [1] <a href="https://review.openstack.org/#/c/93356/" target="_blank">https://review.openstack.org/#/c/93356/</a><br>
>><br>
>><br>
>> _______________________________________________<br>
>> OpenStack-dev mailing list<br>
>><br>
>> <a href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a><br>
>> <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
><br>
> _______________________________________________<br>
> OpenStack-dev mailing list<br>
> <a href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a><br>
> <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
<br>
</div></div><br>_______________________________________________<br>
OpenStack-dev mailing list<br>
<a href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
<br></blockquote></div><br></div></div>