►
From YouTube: WG-KMS Bi-Weekly Meeting for 20221018
Description
WG-KMS Bi-Weekly Meeting for 20221018
A
A
That's
based
on
the
TTL
of
the
keys
and
in
the
initial
review.
One
of
the
concerns
I
had
raised
is:
is
there
a
way
to
bound
the
maximum
size
of
the
expiry
expiring
cash
to
doesn't
have
to
be
small?
It
could
be
as
like
something
like
100
megabytes
or
something
it
just
just
doesn't
shouldn't
be
infinite.
A
A
B
A
B
A
A
At
some
point
there
wasn't
a
big
deal
that
that
could
happen,
whereas
if
we
change
the
logic
to
be
purely
path
based,
then
you
could
actually
end
up
overwriting
a
key
like
a
an
encrypted
deck
and
it
might
not
work
which,
obviously,
all
the
code
could
handle
this
right.
It
could
be
like
hey.
Let
me
get
it
from
the
cache
and
if
the
key,
that's
at
that
path
doesn't
match
it.
Well,
fine
I'll,
just
I'll,
just
go,
call
out
to
KMS
and
get
the
get
it
to
decrypted
thing
anyway.
A
B
A
No,
no
so
when
I
was
thinking
so
what
I
was
thinking
is,
if
you
were
using
the
hcd
path
as
the
key,
then
that
means
that
the
maximum
size
of
the
cash
is
the
is.
This
is
the
size
of
how
many
SED
Keys.
You
have
pretend
that
you
encrypted
everything
just
for
simplicity's
sake,
Nobody
Does
that
today,
but
if
you,
if
you
encrypted
everything
the
maximum,
is
like
the
number
of
objects
in
SCD
right
right,
all
intents
and
purposes
means
the
maximum
size
for
most
users
today
would
be
the
number
of
secrets
in
NCD
right.
A
And
so,
if
you're
remaining
it
to
100K
and
what
is
the
are
these
like
32
bits,
each
all
right,
so
you
know
so
3200k
I
forget
that
that's
some
amount
of
megabytes,
probably
it's
either
3.2
or
32-
I'm,
not
doing
math
in
my
head
right
now.
But
that
seems
okay
right
if
we
can
make
it
so
that
the
I
I
guess
having
a
cash
Miss
is
not
just
it's
not
a
big
deal.
A
A
I
think
so,
because
if
we,
if
we
didn't
distinguish
it,
we
we
might
not
be
able
to
make
a
good
assertion
about
if
this
was
like
a
good
trade-off
that
we
made
right
because
we're
what
we're
basically
saying
is
hey.
We
want
to
use
this
different
caching
mythology.
So
that
way
the
API
is
easier
to
deal
with,
because
the
user
doesn't
really
have
to
come
up
with
some
arbitrary
fixed
size
that
honestly
I've
never
seen.
A
Anyone
configure
anything
but
like
a
really
tiny
number
like
what's
the
biggest
number
I
can
type
into
this
field
before
it
like
overflows
the
end
or
something
just
because
it's
like
I,
don't
like
it's
basically
saying
I,
don't
care
right
like
it's
like
I,
just
want
to
cache
and
I.
Don't
want
to
call
my
KMS
plugin
right,
so
that
was
the
API
I
was
hoping
that
we
could
kind
of
build
out
like
hey,
you
know
under
like
normal
operating
circumstances.
You
know
you're
very
rarely,
gonna
ever
need
to
worry
about
this
config.
A
A
You're
not
you're
not
giving
up
any
security
properties
of
needing
to
talk
to
the
KMS
really
because
if
the
camera
says
hey,
my
key
has
changed.
You
will
notice
and
ask
it
to
help
in
that.
In
that
scenario
also,
so
that
I
we
still
get
rotation
correctly,
so
I
guess
just
I'll
poke
at
that
see
if
that
makes
any
sense,
yeah
I'm
gonna
say
since
Mike
was
the
one
that
suggested.
The
change
I
would
also
try
to
rope
him
in,
like
maybe
pay
him
on,
so
I
can
be
like
hey.
A
A
Yeah
I
mean
there's
I,
guess
what
we
could.
We
could
certainly
try
to
expose
some
some
helpers,
that
we
could
call
it
integration
tests
that,
like
let
us
assert,
like
maybe
the
size
of
the
cash
and
things
like
that.
So
that
way
we
can
be
like
you
know
like
we
could
write
effectively
a
stress
test
that,
like
just
shoves,
an
enormous
amount
of
data
across
a
like
like
if
we
did
like
a
bunch
of
rights
to
the
same
key.
A
We
could
assert
that
at
the
end,
the
cash
value
is
still
basically
won,
and
then
we
could
do
a
bunch
of
Rights
across
a
bunch
of
different
keys
and
then
assert
that
the
size
is
well.
It
doesn't
matter
like
you
know,
it's
still
just
the
length
of
the
different
set
of
keys.
It's
never
like
out
of
that.
A
A
Yeah
I
took
a
CPU
architecture,
scores
that
they
discussed
some
of
the
like
fancier
cash,
invalidation,
algorithms
and,
like
it
just
made
my
head
hurt
like
it
was
just
absurd
like
and
like
my
teacher
was
like
there's
not
actually
like
a
formal
proof
that
proves
this
is
correct.
It's
just
like
we
think
it's
correct.
I
was
like
that
is
not
good
enough.
A
Y'all
like
this
is
the
thing
that
does
all
the
Computing
I
need
the
thing
that
does
the
Computing
to
be
correct,
true,
so
the
the
other
thing
that
I
just
remembered
and
like
this
is
one
of
the
like
the
many
com
variant.
One
of
the
many
comments
I
put
on
your
hot
reload
PR
is
I
believe
what's
going
to
happen
today.
If
you
hot
reload,
is
you'll,
throw
away
the
edac
cache.
A
C
B
A
A
Right,
like
you,
could
you
could
make
the
argument
that
you
would
the
way
you
would
do
your
API
server
restart?
Is
you
would
bring
up
a
new
API
server
within
the
new
config
up?
First,
let
it
become
healthy
before
shutting
an
old
one
down,
basically
to
make
it
so
that
the
the
warm-up
of
that
cache
was
hidden
from
users
now,
because
it's
going
to
happen
on
a
running
cluster.
A
Maybe
it
would
just
be
shared
for
all,
like
all
KMS
plugins,
like
they'll,
just
be
just
one
big
cache,
because
it
doesn't
matter
right,
they're,
just
there's
no
like
because
the
API
server
controls
well,
it
might
be
weird,
but
there
might
be
some
weirdness
there,
but
you
know
you
could
you
could
imagine
that
you
could
pass
in
like
I,
don't
know
a
function
that
gives
you
a
cash
right
and
so
that
that
way
the
caller
could
track.
If
you
called
it
and
like
how
many
copies
are
whatever
are
out
there
or
whatever
else.
A
I'm:
okay,
if
we
don't
do
that
right
now,
like
I,
don't
think
that
has
to
like
block
your
work.
No,
like
you
can
just
say
that
what
we
have
today
is
good
enough
and
we're
still
making
we're
moving
the
ball
forward,
but
it
might
be
a
good
thing
for
us
to
basically
write
an
issue
for
and
have
it
in
our
in
our
KMS
backlog.
A
If
you're
like
yeah,
we
want
a
hot
reload,
but
like
not
throw
away
all
that
hard-earned
memory
just
because
like
right
just
because
it
was
like
hidden
under
all
the
all
the
all
the
other
layers
right,
like
the
reason,
I
I
only
noticed
this
as
I
was
like
going
through.
Your
PR
is
I,
was
in
the
state
of
mind
about
thinking
about
initials,
PR
and
then
Europe,
PR
together
and
then
I.
Remember
that
inside
the
Transformer
interface,
oh
yeah,
there's
this
cache
I
care
about
a
lot.
Because-
and
this
is
like.
B
C
Effectively
so
for
the
hot
reload
we
did
a
API
rewire
so
that
actually
nullified
our
work
earlier
or
my
work
earlier.
So
I
did
the
rewired
stuff
again
yesterday
and
get
it
got
it
to
the
working
State
and
more
also
added
some
initial
PR
comments.
Thanks
for
doing
that,
so
couple
other
things
we
want
to
get
in
into
that
pair.
A
C
C
C
A
A
A
I
was
like
how
does
one
actually
assert
that
this
thing
is
actually
correct,
because
it's
basically
built
on
a
bunch
of
os
specific
implementation
details
and
then
there's
like
four
or
five
cases
where
it's
like
just
go
ahead
and
just
add
to
the
work
you
just
in
case.
Something
fails
and
I
was
like.
A
A
Way:
okay,
so
that
that
part
is
like
weird,
but
maybe
okay,
so
yeah
I
think
it's
fine
to
leave
it.
It's
just
I,
just
wasn't
sure
if,
like
the
complexity,
really
was
worth
the
trade-off
like
because
like
if
you
change
your
encryption
config
and
it
takes
five
minutes
for
it
to
reload
versus
it,
takes
like
like
a
few
seconds
to
realize.
A
C
A
Okay,
so
on
Rita
stuff
I
have
I,
have
reviewed
her
PR
I
think
it's
like
100
ready
to
go
and
the
tests
you
know
prove
that
it's
working,
because
if
you
run
the
test
against
the
head
of
Master,
it
shows
that
custom
resources
are
not
like.
It
fails,
saying:
hey
this
custom
resource
was
supposed
to
be
encrypted,
but
it's
not
so
that
part's
really
nice.
So
you
know
we
got.
We
got
good
test
coverage.
Everything
is
good
there,
so
I
think
she's
good,
so
I'm
gonna
I
was
I.
A
A
B
A
A
Okay,
good
that'll
be
great,
so
we
can
get
something
in.
So
let
me
think
so.
We
we
definitely
want
Kristoff's
stuff
in
126..
We
want.
We
want
High,
reloading
126.
We
want
read
us
stuff
in
126.
We
want
the
seat,
I,
I,
guess
if
we
didn't
get
the
expiring
cash
change
in
126,
it's
not
the
end
of
the
world.
I
do
think
we
would
want
the
validation
stuff,
though,
because
that's
the
one
that
basically
has
like
a
you
know
a
release.
A
A
C
A
Think
that
that
is
ongoing,
but
I
think
fine,
I
I
think
the
biggest
change,
though,
is
making
it
so
custom
resources
support
the
stuff,
the
storage
version
stuff
at
all,
because
today
they
just
don't
so
we
need
to
get
that
sort
of
sorted
because
I
don't
want
another
bug
which
is
basically
hey:
custom
resources,
don't
support
X
related
to
encryption
because
yeah
like
yeah,
you,
you
added
support
for
custom
resources,
but
now
you
can't
you
can't
do
rotation
because
yeah
correctly
supported
okay,
I
really
can't
win
tonight.
Oh.
C
B
A
So
I
think
the
ID
thing
is
the
main
thing,
so
that
main
thing
will
either
so
I
I
can
see
like
three
possible
options.
We
could.
We
could
make
it
so
that
the
ID
is
random.
We
can
make
it
so
that
the
IDE
is
configured
by
the
admin
per
API
server.
So
it's
something
that
has
to
be
different
per
binary
or
we
could
make
it
so
that
it's
optionally
configured
by
the
Admin.
But
if
you
don't
configure
it,
it's
a
uid,
it
just
gets
to
it.
A
A
Well
so
I
just
but
I,
don't
think
that's
a
big
deal.
I
I
think
Andrew
Andrew
Kim
had
opened
some
tests
that
that
he
added
for
some
of
the
controllers,
so
I
think
I.
Think
the
biggest
gap
for
both
of
the
things
is
that
there's
just
not
enough
test
coverage
both
unit
and
integration,
I
think
on
all
the
different
pieces,
but
I
think
the
main
feature
for
the
ID
thing
is
just
actually
deciding.
A
Oh
there's
there's
some
CLI
flags
that
are
currently
configurable
for,
like
how
the
leases,
work
and
I
think
we
were
discussing
just
removing
the
config
and
just
hard
coding
it.
So
that
way,
it's
like
I,
like
I,
just
configuring,
lease
durations
and
like
how
often
the
API
servers
pull,
is
just
asking
for
someone
to
screw
it
up
and
instead
of
just
saying
like
this
is
how
it
always
works
on
all
API
servers
and
like
this
is
just
a
property
of
how
API
servers
refresh
their
identity
right.
A
A
What's
actually
I'm
gonna
have
to
like
read
the
whole
thing
from
top
to
bottom,
like
slowly
as
like,
you
know,
go
through
like
well,
let's
see
what
like
they
discussed
on
this
really
long
thread
and
then
I
have
to
actually
go
read
the
pr
and
something
and
what
the
code
does
so
yeah.
That
might
be.
Am
I
that's
going
to
take
some
time.