►
From YouTube: WG KMS Meeting for 20221129 (SIG Auth)
Description
WG KMS Meeting for 20221129 (SIG Auth)
A
A
We
this
time
of
year,
is
really
weird,
because
a
lot
of
people
have
holidays
and
like
basically
as
soon
as
you
come
back
in
January,
it's
like
enhancements
freeze
so
like
it
seems
like
you
have
time,
but
you
don't
because
when
you
take
out
the
holidays
and
the
fact
that
you
come
back
like
sort
of
half
functioning
after
the
holidays
today,
there's
actually
no
time
at
all,
I
mean
you
actually
look
up
the
days
real
fast.
That.
A
A
C
A
Yeah
we
yeah
we,
we
have
to
get
the
kept
sort
of
in
a
more
complete
State,
because
right
now,
I
think
we
like.
We
omitted
the
test
plan
and
we
omitted
like
a
lot
of
the
graduation
criteria
just
because
we
were,
we
weren't
sure
what
they
were
going
to
be,
and
we
didn't
want
to
like
not
have
the
kept
Verge
for
like
what
was
it
like,
124
Alpha.
A
B
B
A
B
A
B
F
B
F
A
G
G
C
A
The
the
bit
that
this
sort
of
relates
to
for
KMS
V2,
for
me
is
this
part,
which
is
I
wanna
I
wanna
have
a
conformance
suite
that
is
not
run
on
every
PR,
so
you'd
have
to
manually
invoke
it,
but
the
only
difference
about
the
suite
would
be.
It
runs
with
encryption
on
and
it
just
runs
a
regular,
conforming,
Suite
and
I
think
what
I
would
want
that
to
do
is
use
like
the
reference,
implementation
and
encrypt
everything
like
is.
Is
it
reasonable
to
have
a
functioning
conformant
cluster
with
everything
important
right?
B
E
A
So
I'm
just
talking
about
the
existing
tests,
we
have
right.
Okay,
so
I'm
not
familiar
exactly.
You
know
like
how
they're
defined
and
where
they're
set
up,
probably
somewhere
inside
of
test
info,
but
the
idea
would
be
to
define
a
new
one
that
basically
reuses
the
bulk
of
the
logic
of
the
existing
ones.
A
A
Yeah
we
would
have
to
I'm
trying
to
think
we
also
would
want
it
to
like.
If
you
make
a
change
to
the
reference
implementation,
you
should
be
able
to
use
this
test
Suite
to
validate
that
you
didn't
break
it
in
some
horrible
way
like
at
a
high
level,
but
that
that
would
mean
that
it
would
need
to
like
compile
and
build.
The
reference.
Implementation
example
thing
like
as
part
of
like
the
pr
pipeline.
Somehow
all.
B
A
B
E
A
So
we
don't
need
this
right
for
beta.
We
don't
act,
we
don't
have
to
maintain
the
debt
cash
right.
This
is
more
of
a
not
like
it.
Conceptually
makes
sense
for
this
to
work
right
like
it's
weird
that
you
reload
and
throw
away
the
whole
cache
that,
like
doesn't
conceptually,
make
sense,
but
it's
not
a
hard
requirement
right.
C
A
Right
right,
so
you
you're
not
gonna
lose
like
your
watch
cash
that
would
be
retained,
you're
just
losing
the
debt
cash.
So
if
you
try
it
read
some
data,
it's
not
going
to
be
able
to
immediately
do
it
without
talking
to
the
camera,
let's
plug-in.
First
I.
Think
that's,
probably
fine,
like
fine
in
the
sense
of
like
I,
don't
feel
the
need
to
say
that
cam
sv2
is
not
beta
without
this,
like
I
I
feel
much
more.
A
A
This
one
I,
don't
know
I'm,
not
100
sure
if
I
hop
strongly
I
feel
about
this
one.
This
one
is
explicitly
asking
for
it
for
like,
so
we
have
I
think
two
integration
tests
today
that,
like
specifically
exercise
like
having
aggregated
API
server
and
I'm
doing
specific
stuff
with
it
playing
around
with
this
resources,
so
it
would
be
good
to
validate
the
encryption
at
rest
works
for
it.
A
B
A
B
E
B
E
A
A
E
A
B
E
B
A
A
Okay,
yeah
so
I
think
what,
with
with
the
so
now
did
these
say
encryption
at
rest.
There
right,
I,
think
I
would
be
able
to
say
the
same
thing
here
right
is
that
it's
not
a
beta
blocker
for
kmsv2,
because
this
metric
is
about
automatic
reload,
which
is
a
useful
feature
for
encryption
at
graphs.
But
it's
actually
not
related
to
the
kmsp2
stuff,
like
it's
related
in
the
sense
that
they're
all
relating
to
each
other,
but
not
exclusively.
E
A
B
E
A
A
We
have
the
ability
to
actually
have
rotation
without
restarts
with
chemistry
2,
because
the
API
server
is
actually
aware
of
these
changes.
We
have
encrypting
everything
which
would
then
actually
allow
us
to
write
such
a
test.
Suite
that
has
everything
encrypted
that
can
use
the
reference
implementation.
A
B
D
A
D
A
Just
like
fully
like
you
would
actually
run
a
controller
and
what
they
say
is
like
all
right.
You
started
at
this
state
because
of
that
I
expect
you
to
converge
at
this
state
within
some
small
time
window
right,
so
they
don't
look
at
the
individual
events
in
the
middle.
They
just
look
at
the
start
of
the
game.
The
assert
that
you
made
it
there.
Those
are
sort
of
the
two
styles
of
controller
guys
I
like
to
have
like
the
first
one
tells
you
like.
A
D
Yeah
definitely
one
question:
for
example,
the
controller
only
Acts
when
we
did
millions
of
of
encryptions
or
the
week
passed
so
should
I.
Basically
like
one
of
the
comments
was
to
make
it
configurable
to
configure
it
down
to
maybe,
instead
of
one
week
to
one
minute
or
anything
like
that.
But
then
it
would
create
a
test
that
at
least
takes
one
minute
and
on
the
other
side
should
I.
Maybe
change
the
the
threshold
for
for
encryptions
done
and
then
make
this
somehow
configurable
for
the
test.
A
So
I
I
think
what
you
would
want
is
like,
maybe
ignoring
configuration
from
the
outside
from
the
public
apis
for
now,
but
make
it
so
that
at
least
internally
their
private
variables
on
the
struct
that
has
a
state.
So
that
way
you
can
tweak
it
inside
your
test.
However,
you
want
to,
and
also
I
would
want
to
use
the
clock
interfaces
that
we
get
from
the
API
Machinery
packages.
D
A
So
because
the
test
is
in
the
same
package
right,
it
can
mutate.
Okay,
so
so,
like
you
know,
you
would
have
like
a
a
like
what
you
call
it
like:
a
a
private
new
function
that
lets
you
pass
in
all
the
parameters
that
you
want,
and
then
you
have
a
public
new
function
with
a
capital
and
that
doesn't
let
you
pass
right.
So
it'll
use
like
a
real
clock
and
a
real
all
the
real
constants
as
its
input
and
the
outer
the
outer
package.
A
A
D
A
Yeah,
this
is
by
no
means
the
worst
thing.
I've
ever
done,
I've
done
so
many
words.
Much
worse.
I
I
have
used
the
unsafe
package
and
tests
before
to
poke
at
things
that
weren't
supposed
to
be
pokable,
because
the
whatever
thing
that
I
was
poking
at
the
library
author
decided
that
I
wasn't
allowed
to
poke
at
it
and
I
was
like
it's
not
helpful,
like
the
go.
A
A
B
A
G
F
C
G
A
So
we
we
would
want
integration
tests
at
that
level
and
those
could
exercise
much
more
fine
details
about
the
reference
implementation
if
we
want
them
to
or
or
some
aspect
of
chemistry
too,
that
either
e
I
don't
expect
us
to
have
really
much
control
over
the
internals
right,
because
you're
you're
just
going
to
have
a
real
API
server,
real
EBS
and
everything
right.
So
it's
yeah.
A
A
A
So
once
once
you
have
that
you
don't
like,
you
could
reasonably
just
set
up
KMS
V2
with
one
config
and
never
change
it,
even
as
you're
rotating
keys,
because
the
plugin
can
be
like
polling,
basically
like
the
key
vault
and
be
like
hey
what
key
should
I
be
using?
What's
like?
What's
the
status
like
what's
my
status
and
if
it
changes
that
information
flows
up,
so
you
don't
actually
need
to
change
and
config
right
so,
like
you,
don't
actually
need
automatic,
reload
or
hobby
load
for
KMS
V2.
G
A
A
I
mean
it
is
like
did
write
one
at
least
one
integration.
No,
no,
there's
like
at
least
two
integration
tests
for
this
they're
tested
in
like
different
ways,
but
they
they
test,
like
the
hot
reload
feature
like
if
you
change
the
file
like
this.
Does
it
change?
If
you
change
the
file
like
that,
it
doesn't
change
that
reminds
me
of
like.
We
probably
need
an
issue
for
the
gaps
right,
there's
one
where
we
we
had
a.
E
A
A
A
A
B
B
A
A
Encryption,
arrests,
the
whole
the
whole
concept,
which
makes
sense
to
me
because
it's
like
not
observable
from
the
outside,
so
it's
kind
of
hard
to
have
a
conformance
test
that
says
anything
useful
about
it,
so
I,
I,
I'm,
like
for
like
I'm,
not
sure
like
this
like
applies
and
like
this,
is
also
unclear,
because
these
are
not
endpoints,
because
the
grpc
API
doesn't
actually
meet
the
normal
things
right.
It's
like
this
weird
thing
we
can.
We
can
call
them
endpoints
just
and
be
like
yeah
we're
just
going
to
treat
them
that
way.
H
H
G
A
B
A
C
A
A
G
B
E
A
A
Well,
there's
a
big
asterisk,
I,
I
think
I
think
it's
that
rest
apis
are
not
enabled
at
the
beta
level
by
default.
I
think
this
one
is
weird
because
there's
a
feature
that's
beta,
but
then
also
an
RPC
API,
that's
beta,
but
it's
not
a
rest
API,
so
I
don't
know
I
I.
We
should
just
ask
we
should
just
we
I'll
just
add
this
as
an
item
for
the
agendas
like
which
way,
which
way
should
that
go
and
hopefully
Jordan
you
can
provide
us
some
guidance
song
from
the
API
review
side.
So.
G
A
A
So
like
I
I,
think
the
smallest
piece
that
wouldn't
do
anything
yet,
but
it
would
be
a
piece,
is
the
the
part
that
takes
the
grpc
API,
like
that
horrible
ugly
generated
thing
and
then
wires
it
against
the
more
nicer
go
interface.
That's
it's
basically
the
same
interface
but
like
smaller
that
you
know
that
service
interface,
that
we
have
I.
A
D
B
A
D
A
A
A
A
But
I
think
that's
kind
of
what
I'm
hoping
for
is
like
the
starting
point.
That
should
be
super
small
super
easy
to
merge,
and
then
then
we
can
start
like,
for
example,
like
one
of
the
implementations
I
want
from.
For,
for
this
interface
is
we?
We
you'll
see
this
a
lot
in
the
kubernetes
auth
code,
the
concept
of
a
delegate
where
you
have
an
interface
that
does
a
small
amount
of
thing
and
it
immediately
delegates
to
a
different
implementation
in
that
same
interface.
A
So
one
implementation
I
want
for
this
is
one
that
adds
delay
like
an
arbitrary
mining
delay
right.
So
that
way
we
can
have
like
an
implementation
that
uses
a
local
key
and
that's
one
static
implementation
and
have
another
one
that
just
arbitrarily
adds
delays
to
all
these
calls
and
then
delegates
to
some
other
one
right.
So
that
way
in
our
in
our
test
environment
right
then,
when
we
want
to
build
out
the
implementation
we
we
just
layer
them
together
in
the
specific
way
we
want.
D
You
know,
because
I'm
I'm
not
familiar
with
all
the
all
the
solutions
about
the
solution,
space
within
kubernetes
that
were
so
something
that
so
a
concept
that
might
be
very
familiar
to
to
anage
and
you
it's
like
completely
alien
to
me.
So
it's
sometimes
hard
for
me
to
visualize
what
you
mean
but
I'm,
eager
to
learn.
A
A
A
Yes,
it's
probably
all
of
me
somewhere
in
there
right,
but
so
the
gist
of
you
know
like
so
this
you,
as
you
can
see
right.
This
new
function
takes
an
authenticator
and
just
returns
a
different
authenticator
and
all
it's
doing
is
it's
calling
its
delegate
right
this
guy
and
then
it's
like
hey
I,
want
to
add,
like
one
group,
The
authenticated
group
and
then
I'm
gonna
pass
it
back
right.
A
So
if
you
change
in
in
this
example,
if
you
change
the
request
authenticator
to
the
that
service
interface,
you
can
imagine
a
implementation
of
the
service
interface.
That
literally
just
adds
time.sleeps
to
all
the
calls
and
then
calls
the
delegate
right.
So
that
would
be
basically
an
implementation
that
adds
arbitrary
delay
right,
but
it
doesn't.
It
doesn't
care
about
what
it's
delaying.
Those
are.
It's
a
separate
concern
right,
so
so
we
could
have,
we
could
add
delays
to
any
different
implementation
that
we
wanted
for
any
purpose
right.
A
A
Of
why
I
want
this
interface
to
be
used,
because
I
expect
there
to
be
a
few
implementations
of
this,
some
of
which
are
Standalone,
some
of
which
are
like
sort
of
glued
together
more
in
more
elaborate
ways,
either
for
test
purposes
or
for
the
real
one.
All
right
like
we,
we
will
need,
like
a
quote,
unquote
real
one
right,
that's
being
used
in
the
Eatery
conformance
in
some
way,
shape
or
form
right.
A
I'm,
not
I
I'll,
admit
I,
haven't
fully
thought
through
exactly
what
that
code
looks
like,
but
in
in
some
way
shape
or
form
right,
like
you
should
be
able
to
say,
I
have
my
remote
KMS
that
implements
this
interface
and,
on
top
of
it
I
add
a
key
hierarchy
or
I.
Don't
add
a
key
hierarchy
right
and
if
you're,
if
your
remote
KMS,
is
actually
a
local
piece
of
Hardware,
you
don't
need
the
key
art,
because
the
local
hardware
doesn't
have
like
Network.
A
I
o
Associated,
it's
just
basically
as
fast
as
your
machine
can
do
encryption
which,
like
on
the
modern
Intel
processors,
active
really
fast
because
they
have
dedicated
hardware
for
it
right
am
I
making
sense.
That's
that's
kind
of
like
the
high
level
plan
I
have
for
this.
Is
that,
like
we
have
a
bunch
of
different
implementations
of
this
interface
and
we
glue
them
together
to
sort
of
give
you
the
ideal.
That's
right
like
so.
A
You
know
for
Azure
key
Vault
we're
going
to
use
the
key
hierarchy
in
a
remote,
like
you
know,
obviously,
in
in
the
Azure
implementation,
we'll
import,
the
Azure
SDK
implement
this
interface
using
the
Azure
SDK,
but
then
layer
on
top
of
it.
The
key
hierarchy,
obviously
not
layer
delays
on
there,
because
that
would
just
be-
and
that
would
be
awful
I
would
just
be
messing
with
customers
for
funds.
A
Okay,
if
we
need
to
like
make
issues
that
say:
Hey
I,
I
added
this
small
piece
and
initiated
this
small
piece
now
those
two
small
pieces
are
there
now
I
have
to
write
this
test
right,
like
it's
okay
like
if,
if
we
split
it
up
enough
that,
even
if
not
everything
can
have
like
the
integration
test
like
everything
should
be
able
to
have
some
kind
of
unit
test
pretty
easily.
But
it's
okay.