On Fri, 29 May 2020 12:55:39 -0400, Peter Stuge wrote:
...
> In particular those who already use rev03 in production - how do
> applications currently handle the device suddenly becoming
> unresponsive?

RPC hangs or closes, management console hangs or closes. Would have to check code to see which in each case, and as we have multiple client implementations the answers might not be uniform.

Clients are of course free to time out, in which case they must consider the existing RPC stream to be toast.

Given that we're talking about new HSM behavior where the USB device vanishes from the host OS, the current MUX might just close all connections. We could of course rewrite the MUX to do something else if we had a clear grasp of what we'd like it to do instead, but...

> Or does muxd handle that, maybe queueing requests until the device
> responds again?

Nope, because...

> Related to that: What happens with RPC session ids (is that the right name?)
> across a rev03 disconnect+connect?

HSM loses all knowledge of current sessions when power cycled. This is by design, and you'd have to make a pretty strong case to convince me that it's not correct.

So recovery options after an HSM power cycle are pretty limited. We take a great deal of trouble to sequence keystore flash operations in a way that allows us to recover from power loss (or other form of crash) at any time, but other than that, it's dead simple: power cycle is full reboot, and anything that didn't get saved to flash is gone, other than the MKM if it retained power.

_______________________________________________
Tech mailing list
Tech@cryptech.is
https://lists.cryptech.is/listinfo/tech