[ippm] Discussion on draft-brockners-ippm-ioam-data-integrity method 3 variant in @ietf110

Shwetha <shwetha.bhandari@gmail.com> Tue, 09 March 2021 01:37 UTC

Return-Path: <shwetha.bhandari@gmail.com>
X-Original-To: ippm@ietfa.amsl.com
Delivered-To: ippm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4035D3A1BEA for <ippm@ietfa.amsl.com>; Mon, 8 Mar 2021 17:37:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fCiC5iOAlOVm for <ippm@ietfa.amsl.com>; Mon, 8 Mar 2021 17:37:50 -0800 (PST)
Received: from mail-yb1-xb36.google.com (mail-yb1-xb36.google.com [IPv6:2607:f8b0:4864:20::b36]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DAE203A1BE9 for <ippm@ietf.org>; Mon, 8 Mar 2021 17:37:49 -0800 (PST)
Received: by mail-yb1-xb36.google.com with SMTP id x19so12299923ybe.0 for <ippm@ietf.org>; Mon, 08 Mar 2021 17:37:49 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to:cc; bh=y1xScBezXsYizoPXJ8dXR+4WN6czKvcYvXlrcM9Lxyw=; b=BOjllfKw2csuWUFTk9yhskGvkYhIfMJFylwABNlAN/uL8gCuSark9l0FIiUy52baou 2Q9zei2B1pReDKR7kCbpOeWcXCE3Og+Tle/HMKgzpWZjeeHn33Rb5twj8IFY/VmvXKVZ +CFFQ6YdZD8BjNX3fqKx8HvEE6O7zBU6vCwx2PfdUum0ZiTL+80zCe9UX9mURVQvVCPi ISkwJH/hjtNkFYdOJjqIhS9f40J5+V+zp5Z+eGGAwcezanXUJMSFh977vmJWH95YVe4C FeRiCG4Kui6dmEPY2YZmqiTolndzryYG8PxJByLzlI7j+TMi7nh8pK1vUXIgjOdkb73E QGIQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=y1xScBezXsYizoPXJ8dXR+4WN6czKvcYvXlrcM9Lxyw=; b=VO2bgQiHF8K458+CRXM1w+PPb1pLK1y/BZXCharo7AC1ikJCzDiym61a6G7qahAvH2 UNmkM4TQhsmbHutNDJvL+Pw40R3m9TIBbGaxelqxyuW3IZsea4ZJSVzutpxMuxvO02rx IZ9nFMuMnEB7B07lJx7R6S2auS8WmYlQ7ZZGwCpKvftDSGXrtRP6D8zarxxxGddMbAxC Yg6VGCRmbUruEAmRZMDpscffQo3GRfngcJkRpMP6o2GKJI5WWnwVvh8sC9q3T8wXL006 TuJg+OCdx7BBtbZLxfn3hM/rJ4plTBaGsU9rF4/TRWBFzgUcOcEPslioRhr8h8GOYiMe nMuw==
X-Gm-Message-State: AOAM53039uBKvLVucnwOeTYLgIDrDADshdIf5JSuNaIE9gyu1Ov2nPIv hK8MVVKUFEAD8hwrOf53zZ/DKWQit94M5XuDaFSnA11W
X-Google-Smtp-Source: ABdhPJxXrrJeFwYt6o2zeInJ9G44ekvmglQ+4HoSx/XckN7l+b36Qjf6lQFvN0uYosyH04sV37u9Eyy/0o0f/oiYUtQ=
X-Received: by 2002:a25:e74f:: with SMTP id e76mr36835320ybh.421.1615253867449; Mon, 08 Mar 2021 17:37:47 -0800 (PST)
MIME-Version: 1.0
From: Shwetha <shwetha.bhandari@gmail.com>
Date: Tue, 9 Mar 2021 07:07:34 +0530
Message-ID: <CA+SnWFEGAwm0D2-U=5DapY=4Ky0R2xP0i=tFyjme6VaLRDdwwA@mail.gmail.com>
To: ippm@ietf.org
Content-Type: multipart/alternative; boundary="000000000000fdd23e05bd10986f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/QQVRts2D7itsV7csd60Et9P-A-A>
Subject: [ippm] Discussion on draft-brockners-ippm-ioam-data-integrity method 3 variant in @ietf110
X-BeenThere: ippm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF IP Performance Metrics Working Group <ippm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ippm>, <mailto:ippm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ippm/>
List-Post: <mailto:ippm@ietf.org>
List-Help: <mailto:ippm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ippm>, <mailto:ippm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Mar 2021 01:37:51 -0000

During the session 1 of ippm at IETF 110, it was suggested to consider
introducing a variant of method 3 in
draft-brockners-ippm-ioam-data-integrity with
asymmetric keys.


When we were designing the methods to protect integrity of the entire IOAM
data collected at each node, the node chains it's own node data with the
signature from the previous node and overwrites the signature:
Trace signature = sign([Trace Signature || its node_data_list[x] hash])

In the symmetric key case this operation can be validated by reversing the
operation by the validator who has the shared secret from each node.
However this will not work if nodes use their private keys to sign and
validator has the public key to validate as it can only validate but not
derive a specific node's signature to reverse the operation.

So I think the space optimized  method to overwrite the signature at each
node cannot be modified to use asymmetric keys easily. Will be happy to
discuss ideas to create a space optimized asymmetric key based solution.

Thanks
Shwetha