Re: [ippm] Discussion on draft-brockners-ippm-ioam-data-integrity method 3 variant in @ietf110
Tommy Pauly <tpauly@apple.com> Fri, 26 March 2021 20:58 UTC
From: Tommy Pauly <tpauly@apple.com>
Date: Fri, 26 Mar 2021 13:58:18 -0700
Cc: "IETF IPPM WG (ippm@ietf.org)" <ippm@ietf.org>
To: Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org>, Shwetha <shwetha.bhandari@gmail.com>, "Frank Brockners (fbrockne)" <fbrockne@cisco.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/JLT_MOc9MogPaCq-spx5soUI1FM>
Just checking here—when could we expect an updated proposal for the integrity document? Once we can converge on a set of approaches we like, we would like to get this prepared for a WG adoption.

Best,
Tommy

> On Mar 12, 2021, at 6:30 AM, Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org> wrote:
>
> Thanks, that’d be great to see the variants of Method 3 like that!
>
> Best,
> Tommy
>
>> On Mar 8, 2021, at 8:31 PM, Shwetha <shwetha.bhandari@gmail.com> wrote:
>>
>> My bad, it should be possible to reverse the process for validation and retrieve the previous signature in the reverse order. We will update the draft to have Method 3 with both symmetric/asymmetric variants.
>>
>> Thanks,
>> Shwetha
>>
>> On Tue, Mar 9, 2021 at 7:07 AM Shwetha <shwetha.bhandari@gmail.com> wrote:
>> During the session 1 of ippm at IETF 110, it was suggested to consider introducing a variant of method 3 in draft-brockners-ippm-ioam-data-integrity with asymmetric keys.
>>
>> When we were designing the methods to protect integrity of the entire IOAM data collected at each node, the node chains its own node data with the signature from the previous node and overwrites the signature:
>> Trace signature = sign([Trace Signature || its node_data_list[x] hash])
>>
>> In the symmetric key case this operation can be validated by reversing the operation by the validator who has the shared secret from each node.
>> However this will not work if nodes use their private keys to sign and validator has the public key to validate as it can only validate but not derive a specific node's signature to reverse the operation.
>>
>> So I think the space optimized method to overwrite the signature at each node cannot be modified to use asymmetric keys easily. Will be happy to discuss ideas to create a space optimized asymmetric key based solution.
>>
>> Thanks
>> Shwetha
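
Added example, not part of the thread or of the draft: a sketch of the symmetric-key signature chaining described in the quoted message, where each node overwrites a single trace signature field. HMAC-SHA256 standing in for sign(), the all-zero initial signature, and the keys, node names and node data are assumptions constructed for illustration; the validator here recomputes the chain with each node's shared secret and compares the final value.

```python
import hashlib
import hmac

# Constructed sample secrets shared between each node and the validator (hypothetical).
NODE_KEYS = {
    "node-a": b"constructed-key-a",
    "node-b": b"constructed-key-b",
    "node-c": b"constructed-key-c",
}
INITIAL_SIGNATURE = bytes(32)  # assumption: the first node starts from all zeros

# Constructed node data for a three-hop path.
PATH = [("node-a", b"hop=3;ts=1000"),
        ("node-b", b"hop=2;ts=1007"),
        ("node-c", b"hop=1;ts=1015")]


def chain_step(key: bytes, prev_signature: bytes, node_data: bytes) -> bytes:
    """sign([Trace Signature || hash(node_data)]), with HMAC-SHA256 as sign()."""
    digest = hashlib.sha256(node_data).digest()
    # Both parts are fixed at 32 bytes, so the concatenation is unambiguous.
    return hmac.new(key, prev_signature + digest, hashlib.sha256).digest()


def build_trace(path):
    """Each node appends its data and overwrites the single signature field."""
    signature = INITIAL_SIGNATURE
    node_data_list = []
    for node_id, node_data in path:
        node_data_list.append((node_id, node_data))
        signature = chain_step(NODE_KEYS[node_id], signature, node_data)
    return node_data_list, signature


def validate_trace(node_data_list, trace_signature: bytes) -> bool:
    """Validator holding every node's shared secret recomputes the chain."""
    signature = INITIAL_SIGNATURE
    for node_id, node_data in node_data_list:
        key = NODE_KEYS.get(node_id)
        if key is None:
            return False  # data from a node the validator shares no secret with
        signature = chain_step(key, signature, node_data)
    # Constant-time comparison of the recomputed and received signatures.
    return hmac.compare_digest(signature, trace_signature)


if __name__ == "__main__":
    data, sig = build_trace(PATH)
    print("untouched trace valid:", validate_trace(data, sig))
    data[1] = ("node-b", b"hop=2;ts=9999")  # modify one node's data in transit
    print("modified trace valid:", validate_trace(data, sig))
```

Because the signature field is overwritten at every hop, a failed check shows only that the trace was altered somewhere, not which node's data changed.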