IETF Logo Mail Archive

Re: [sfc] proof-of-transit: continue with both approaches,or choose one?

<ao.ting@zte.com.cn> Fri, 21 December 2018 02:32 UTC

Return-Path: <ao.ting@zte.com.cn>
X-Original-To: sfc@ietfa.amsl.com
Delivered-To: sfc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2EF3B12EB11 for <sfc@ietfa.amsl.com>; Thu, 20 Dec 2018 18:32:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.198
X-Spam-Level:
X-Spam-Status: No, score=-4.198 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MSGID_FROM_MTA_HEADER=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AhEsoy_bOh6G for <sfc@ietfa.amsl.com>; Thu, 20 Dec 2018 18:32:07 -0800 (PST)
Received: from mxhk.zte.com.cn (mxhk.zte.com.cn [63.217.80.70]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CC1BD12D4E9 for <sfc@ietf.org>; Thu, 20 Dec 2018 18:32:06 -0800 (PST)
Received: from mxct.zte.com.cn (unknown [192.168.164.217]) by Forcepoint Email with ESMTPS id 9A9AB1E4B608F5995E28 for <sfc@ietf.org>; Fri, 21 Dec 2018 10:32:04 +0800 (CST)
Received: from mse01.zte.com.cn (unknown [10.30.3.20]) by Forcepoint Email with ESMTPS id 848C3708DFB0E64DEE27; Fri, 21 Dec 2018 10:32:04 +0800 (CST)
Received: (from root@localhost) by mse01.zte.com.cn id wBL2W3VI088233; Fri, 21 Dec 2018 10:32:03 +0800 (GMT-8) (envelope-from ao.ting@zte.com.cn)
Message-Id: <201812210232.wBL2W3VI088233@mse01.zte.com.cn>
Received: from xgxapp02.zte.com.cn ([10.30.14.23]) by mse01.zte.com.cn with SMTP id wBL2LqVv068720; Fri, 21 Dec 2018 10:21:52 +0800 (GMT-8) (envelope-from ao.ting@zte.com.cn)
Received: from mapi (xgxapp01[null]) by mapi (Zmail) with MAPI id mid71; Fri, 21 Dec 2018 10:21:52 +0800 (CST)
Date: Fri, 21 Dec 2018 10:21:52 +0800
X-Zmail-TransId: 2af95c1c4e407495fe01
X-Mailer: Zmail v1.0
In-Reply-To: <ef644b4b-afae-c5ea-da33-20ed63365988@joelhalpern.com>
References: 210af706ed8d4b73aa8c77a24777d622@XCH-RCD-008.cisco.com, ef644b4b-afae-c5ea-da33-20ed63365988@joelhalpern.com
Mime-Version: 1.0
From: ao.ting@zte.com.cn
To: jmh@joelhalpern.com
Cc: fbrockne@cisco.com, sfc@ietf.org
Content-Type: multipart/mixed; boundary="=====_001_next====="
X-MAIL: mse01.zte.com.cn wBL2W3VI088233
X-MSS: AUDITRELEASE@mse01.zte.com.cn
Archived-At: <https://mailarchive.ietf.org/arch/msg/sfc/XMuLmmZFYH4xxWQmkUqHuLbjgVA>
Subject: Re: [sfc] proof-of-transit: continue with both approaches,or choose one?
X-BeenThere: sfc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Network Service Chaining <sfc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sfc>, <mailto:sfc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sfc/>
List-Post: <mailto:sfc@ietf.org>
List-Help: <mailto:sfc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sfc>, <mailto:sfc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Dec 2018 02:32:10 -0000

I agree with Joel. Since SSSS already has mechanism to provide ordered verification requirment, only this one approach is enough.






Regards.




敖婷 Ting Ao











原始邮件



发件人:JoelM.Halpern <jmh@joelhalpern.com>
收件人:Frank Brockners (fbrockne) <fbrockne@cisco.com>;sfc@ietf.org <sfc@ietf.org>;
日 期 :2018年12月17日 04:53
主 题 :Re: [sfc] proof-of-transit: continue with both approaches,or choose one?


<no hats>
Personally, the argument for just using SSSS, given that it now can 
provide ordered verification, seems quite persuasive to me.
Yours,
Joel
<hat floating back on slowly>

On 12/15/18 3:19 PM, Frank Brockners (fbrockne) wrote:
> During the SFC WG at IETF 103 in Bangkok we raised the question, whether 
> we could simplify the draft and choose a single algorithm for 
> proof-of-transit only (see also 
> https://datatracker.ietf.org/meeting/103/materials/minutes-103-sfc-01). 
> Given that we could not come to a conclusion, we decided to take the 
> discussion to the list.
> 
> Background:
> 
> draft-ietf-sfc-proof-of-transit-01 describes two different approaches: 
> “nested encryption” and “Shamir’s secret sharing scheme (SSSS)”... We 
> documented both approaches in the initial version of the draft, because 
> the two approaches had different qualities: While SSSS was 
> computationally cheaper (each node only needs to perform two additions, 
> a multiplication and a modulo-division), nested-encryption allowed to 
> verify that packets traversed a set of nodes in a particular order 
> (“ordered POT - OPOT”) – something that the SSSS-approach in the initial 
> version of the draft did not offer. With the changes discussed in IETF 
> 102 and now documented in draft-ietf-sfc-proof-of-transit-01, both 
> approaches offer order preservation.
> 
> In summary, we can now observe the following qualities of the two 
> approaches:
> 
>   * SSSS: Allows verification that a given set of nodes has been
>     traversed in a specific order (POT and OPOT). SSSS without order
>     preservation requires 2 additions, 1 multiplication, 1 division per
>     node participating in POT. Order preservation on top of that
>     requires an additional XOR (or similar).
>   * Nested-encryption: Allows verification that a given set of nodes has
>     been traversed in a specific order (POT and OPOT). The computational
>     effort of nested encryption depends on the crypto algorithm chosen
>     and typically higher than SSSS, i.e.. it requires/benefits from
>     hardware with specific capabilities (e.g. AES-NI). 
> 
> Question:
> 
> Given that both approaches both solve the problem of POT and ordered 
> POT, should we consider simplifying the draft and describe only a single 
> approach? If so, which approach should we choose?
> 
> I.e. when taking the computational effort into account and the fact that 
> options increase the burden for any implementor, we could decide to only 
> describe the SSSS approach in the draft.
> 
> Thoughts? Opinions?
> 
> Many thanks, Frank
> 
> 
> 
> _______________________________________________
> sfc mailing list
> sfc@ietf.org
> https://www.ietf.org/mailman/listinfo/sfc
> 

_______________________________________________
sfc mailing list
sfc@ietf.org
https://www.ietf.org/mailman/listinfo/sfc

v2.23.0 | Report a Bug | By Email