Re: [ippm] Discussion on draft-brockners-ippm-ioam-data-integrity method 3 variant in @ietf110

Shwetha <shwetha.bhandari@gmail.com> Tue, 09 March 2021 04:32 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/REnoIHLR9hP1UY6Y8BEobhBAp0E>

My bad, it should be possible to reverse the process for validation and
retrieve the previous signature in the reverse order. We will update the
draft to have Method 3 with both symmetric/asymmetric variants.

Thanks,
Shwetha

On Tue, Mar 9, 2021 at 7:07 AM Shwetha <shwetha.bhandari@gmail.com> wrote:

> During the session 1 of ippm at IETF 110, it was suggested to consider
> introducing a variant of method 3 in draft-brockners-ippm-ioam-data-integrity with
> asymmetric keys.
>
>
> When we were designing the methods to protect integrity of the entire IOAM
> data collected at each node, the node chains its own node data with the
> signature from the previous node and overwrites the signature:
> Trace signature = sign([Trace Signature || its node_data_list[x] hash])
>
> In the symmetric key case this operation can be validated by reversing the
> operation by the validator who has the shared secret from each node.
> However this will not work if nodes use their private keys to sign and
> validator has the public key to validate as it can only validate but not
> derive a specific node's signature to reverse the operation.
>
> So I think the space optimized method to overwrite the signature at each
> node cannot be modified to use asymmetric keys easily. Will be happy to
> discuss ideas to create a space optimized asymmetric key based solution.
>
> Thanks
> Shwetha
>
>
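The chained, overwrite-in-place construction discussed in this thread, as an added example that is not part of the original messages or of the draft's text. It assumes HMAC-SHA256 as the symmetric "sign" operation, an all-zero seed set by the encapsulating node, and constructed keys and node data; the validator here checks the single trace signature by recomputing the chain hop by hop with each node's shared secret.

```python
import hashlib
import hmac

# Assumption: seed trace signature placed by the encapsulating node.
SEED = bytes(32)

def node_update(trace_sig: bytes, node_data: bytes, key: bytes) -> bytes:
    """One hop: sign(Trace Signature || hash(node_data)); the result
    overwrites the trace signature field, so its size never grows."""
    node_hash = hashlib.sha256(node_data).digest()
    return hmac.new(key, trace_sig + node_hash, hashlib.sha256).digest()

def build_trace(path, seed: bytes = SEED):
    """path: (key, node_data) pairs in forwarding order (assumed layout).
    Returns the collected node data list and the final trace signature."""
    sig, node_data_list = seed, []
    for key, node_data in path:
        sig = node_update(sig, node_data, key)
        node_data_list.append(node_data)
    return node_data_list, sig

def validate(node_data_list, trace_sig: bytes, keys, seed: bytes = SEED) -> bool:
    """Validator holding every node's shared secret recomputes the chain
    and compares against the one signature carried in the packet."""
    if len(node_data_list) != len(keys):
        return False  # a hop was added or stripped
    sig = seed
    for key, node_data in zip(keys, node_data_list):
        sig = node_update(sig, node_data, key)
    return hmac.compare_digest(sig, trace_sig)

# Constructed sample: three nodes, each with its own shared secret.
KEYS = [b"node-A-secret", b"node-B-secret", b"node-C-secret"]
DATA = [b"node_id=1,ts=100", b"node_id=2,ts=105", b"node_id=3,ts=111"]

if __name__ == "__main__":
    data_list, sig = build_trace(list(zip(KEYS, DATA)))
    print("untampered:", validate(data_list, sig, KEYS))
    forged = [data_list[0], b"node_id=2,ts=999", data_list[2]]
    print("modified hop 2:", validate(forged, sig, KEYS))
    print("hop 2 removed:", validate([DATA[0], DATA[2]], sig, [KEYS[0], KEYS[2]]))
```

Because every hop's output feeds the next hop's input, a change to any node's data, a dropped hop, or a reordering changes the final value, while the packet carries only one fixed-size signature.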