validating monkeysphere-enabled site sometimes slow
The current xul-ext+msva+monkeysphere site validation check sometimes takes a long time to validate a valid monkeysphere-enabled site. When visiting a site I had not visited in many hours, I experienced a ~5 second delay with the "This Connection is Untrusted" page before the page began to load. My laptop also indicated quite a bit of disk activity (both visually and audibly).
Here's a look at the msva log, MSVA_LOG_LEVEL=debug, during this query, where I've left just the sections with longest delays (message lines trimmed to fit):
2010-04-28_04:03:55.09349 2010/04/28-00:03:55 CONNECT TCP Peer: "127.0.0.1:48088" Local: "127.0.0.1:8901" 2010-04-28_04:03:56.15368 sockopt(SO_TYPE) = 1 ... 2010-04-28_04:03:56.17284 Got POST /reviewcert (Content-Type: application/json; charset=UTF-8) 2010-04-28_04:03:56.69290 cert subject: geco.phys.columbia.edu ... 2010-04-28_04:03:56.69318 cert pubkey: 3082010a02820...... 2010-04-28_04:03:57.33375 cert info: ... 2010-04-28_04:03:57.55337 ms: primary key found: 2D61EBC92D4BB043 2010-04-28_04:03:58.36122 ms: * acceptable primary key. ... 2010-04-28_04:03:58.47448 returning: {"valid":true,"message":"Successfully validated ....... 2010-04-28_04:03:58.71136 Subprocess 31967 terminated.
The entire msva log is 3.6 seconds, with about one second for start up, another second for cert parsing, and during the call to the external monkeysphere process.
The systems is heavily used. This, in concert with the fact that there was disk activity, indicates that the msva had been swapped, which probably accounts for the first second of delay. This is supported by the fact that validation is generally much quicker on a "warm" system, where a monkeysphere validation had recently occurred.
I'm not sure why the cert parsing takes as long as it does.
I also suspect that the actual key/uid checking could be done much faster internally in perl than by calling out to the external monkeysphere process (see issue #2034 (closed)).
(from redmine: created on 2010-04-28)