Re: [ippm] Discussion on draft-brockners-ippm-ioam-data-integrity method 3 variant in @ietf110

Tommy Pauly <tpauly@apple.com> Fri, 12 March 2021 14:31 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/TDeypX1yIO-84jcp8QfJU_K7eJU>

Thanks, that’d be great to see the variants of Method 3 like that!

Best,
Tommy

> On Mar 8, 2021, at 8:31 PM, Shwetha <shwetha.bhandari@gmail.com> wrote:
> 
> My bad, it should be possible to reverse the process for validation and retrieve the previous signature in the reverse order. We will update the draft to have Method 3 with both symmetric/asymmetric variants.
> 
> Thanks,
> Shwetha
> 
> On Tue, Mar 9, 2021 at 7:07 AM Shwetha <shwetha.bhandari@gmail.com> wrote:
> During the session 1 of ippm at IETF 110, it was suggested to consider introducing a variant of method 3 in draft-brockners-ippm-ioam-data-integrity with asymmetric keys.
> 
> 
> When we were designing the methods to protect integrity of the entire IOAM data collected at each node, the node chains its own node data with the signature from the previous node and overwrites the signature:
> Trace signature = sign([Trace Signature || its node_data_list[x] hash])
> 
> In the symmetric key case this operation can be validated by reversing the operation by the validator who has the shared secret from each node.
> However this will not work if nodes use their private keys to sign and validator has the public key to validate as it can only validate but not derive a specific node's signature to reverse the operation. 
> 
> So I think the space optimized method to overwrite the signature at each node cannot be modified to use asymmetric keys easily. Will be happy to discuss ideas to create a space optimized asymmetric key based solution.
> 
> Thanks
> Shwetha
> 
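
The chaining step described in the quoted message, as an added example that is not part of the thread or the draft: each node overwrites one fixed-size trace signature, and a validator holding every node's shared secret recomputes the chain over the collected node data. HMAC-SHA256 as `sign`, SHA-256 as the hash, an empty initial signature, and the node names, keys and node data are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values: per-node secrets shared with the validator.
NODE_KEYS = {
    "node-a": b"constructed-secret-a",
    "node-b": b"constructed-secret-b",
    "node-c": b"constructed-secret-c",
}
# Constructed IOAM node data, in path order.
PATH = [
    ("node-a", b"node_id=1;hop_lim=64"),
    ("node-b", b"node_id=2;hop_lim=63"),
    ("node-c", b"node_id=3;hop_lim=62"),
]


def sign(key: bytes, message: bytes) -> bytes:
    """Symmetric 'sign', modelled here as HMAC-SHA256 (assumption)."""
    return hmac.new(key, message, hashlib.sha256).digest()


def node_update(key: bytes, trace_signature: bytes, node_data: bytes) -> bytes:
    """Trace signature = sign(Trace Signature || hash(node data))."""
    return sign(key, trace_signature + hashlib.sha256(node_data).digest())


def build_trace(path, keys):
    """Each node appends its data and overwrites the single signature field."""
    signature = b""  # assumption: the first node starts from an empty value
    node_data_list = []
    for node_id, data in path:
        node_data_list.append((node_id, data))
        signature = node_update(keys[node_id], signature, data)
    return node_data_list, signature


def validate(node_data_list, trace_signature, keys) -> bool:
    """Validator recomputes the chain with each node's shared secret."""
    expected = b""
    for node_id, data in node_data_list:
        key = keys.get(node_id)
        if key is None:  # no shared secret for this hop: cannot recompute
            return False
        expected = node_update(key, expected, data)
    return hmac.compare_digest(expected, trace_signature)
```

The signature field stays 32 bytes regardless of path length, and the validator can only rebuild it because it can run `sign` itself with each node's secret.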