Add visibility into nonce redemption failure causes #8448
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
aarongable
force-pushed
the
nonce-refactor
branch
from
d2427c2 to
1d49e4f
Compare
aarongable
changed the title
mcpherrinm
reviewed
Oct 18, 2025
jprenken
requested changes
Oct 22, 2025
beautifulentropy
approved these changes
Oct 23, 2025
| // the largest nonce we've actually handed out), then the age is negative. | ||
| age := float64(ns.latest-c) / float64(ns.latest-ns.earliest) | ||
|
|
||
| if c > ns.latest { // i.e. age < 0 |
There was a problem hiding this comment.
Stylistically, we avoid inline comments.
Suggested change
| if c > ns.latest { // i.e. age < 0 | |
| if c > ns.latest { | |
| // i.e. age < 0 |
| } | ||
|
|
||
| if c <= ns.earliest { | ||
| if c <= ns.earliest { // i.e. age >= 1 |
There was a problem hiding this comment.
Same style comment as above.
Suggested change
| if c <= ns.earliest { // i.e. age >= 1 | |
| if c <= ns.earliest { | |
| // i.e. age >= 1 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add metrics to the nonce server which give visibility into how many nonces it is currently tracking, and what distribution of nonce ages it actually sees. This should help us better understand the in-memory behavior of the nonce server, so we can better debug issues related to invalid nonce errors.
Also add much more detailed error messages throughout the nonce redemption pipeline. Have the nonce server's
valid()helper method return individual error messages based on why the nonce was invalid. Have the nonce service itself return those error messages to the WFE, rather than simply returning "Valid: false". Finally, have the WFE suppress those detailed error messages when displaying BadNonce errors to the end-user, so they end up in our logs but not in user-facing API responses.Finally, due to the refactoring of the nonce service's
.valid()helper above, simplify some unnecessary layers of abstraction within the nonce package. Remove the distinction between the "NonceService" (which contained all nonce logic) and the "NonceServer" (which implemented the gRPC interface). Make the non-gRPC methods unexported, since they're really just helper methods. Simplify the inmem nonce service to look exactly like the other inmem services, forwarding calls to the real gRPC implementation rather than to the underlying NonceService.