[sidr] comments on draft-ietf-sidr-bgpsec-protocol-14 -- data covered by signature
"Sriram, Kotikalapudi" <kotikalapudi.sriram@nist.gov> Mon, 04 January 2016 15:57 UTC
Return-Path: <kotikalapudi.sriram@nist.gov>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 17A191A89FD for <sidr@ietfa.amsl.com>; Mon, 4 Jan 2016 07:57:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.798
X-Spam-Level:
X-Spam-Status: No, score=0.798 tagged_above=-999 required=5 tests=[BAYES_50=0.8, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9jeiySWEIid5 for <sidr@ietfa.amsl.com>; Mon, 4 Jan 2016 07:57:28 -0800 (PST)
Received: from na01-bl2-obe.outbound.protection.outlook.com (mail-bl2on0147.outbound.protection.outlook.com [65.55.169.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6FB671A89FA for <sidr@ietf.org>; Mon, 4 Jan 2016 07:57:28 -0800 (PST)
Received: from CY1PR09MB0796.namprd09.prod.outlook.com (10.163.43.146) by CY1PR09MB0889.namprd09.prod.outlook.com (10.163.43.27) with Microsoft SMTP Server (TLS) id 15.1.361.13; Mon, 4 Jan 2016 15:57:25 +0000
Received: from CY1PR09MB0793.namprd09.prod.outlook.com (10.163.43.143) by CY1PR09MB0796.namprd09.prod.outlook.com (10.163.43.146) with Microsoft SMTP Server (TLS) id 15.1.361.13; Mon, 4 Jan 2016 15:57:25 +0000
Received: from CY1PR09MB0793.namprd09.prod.outlook.com ([10.163.43.143]) by CY1PR09MB0793.namprd09.prod.outlook.com ([10.163.43.143]) with mapi id 15.01.0361.006; Mon, 4 Jan 2016 15:57:25 +0000
From: "Sriram, Kotikalapudi" <kotikalapudi.sriram@nist.gov>
To: "mlepinski@ncf.edu" <mlepinski@ncf.edu>, "david@mandelberg.org" <david@mandelberg.org>, "sra@hactrn.net" <sra@hactrn.net>
Thread-Topic: comments on draft-ietf-sidr-bgpsec-protocol-14 -- data covered by signature
Thread-Index: AQHRRwiaKZj5aeewW0Sem5gv/VTpvw==
Date: Mon, 04 Jan 2016 15:57:25 +0000
Message-ID: <CY1PR09MB079304AEE00CF6CC8D15278E84F20@CY1PR09MB0793.namprd09.prod.outlook.com>
References: <20151208204116.30503.33351.idtracker@ietfa.amsl.com>
In-Reply-To: <20151208204116.30503.33351.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=kotikalapudi.sriram@nist.gov;
x-originating-ip: [129.6.222.187]
x-microsoft-exchange-diagnostics: 1; CY1PR09MB0796; 5:y2YGb7IIXgaK3ddTUgJCQ7H1W2uYOvgELc/u82BKfa2JY8+GmeOV6muwpl06SgHcRjui4jVgcZ2nIIx5JolUIjWaiHTBrAH7umpI5TA/JKMjfnXiigJVE8WBL2ghEnIfcMWdcfDnv451fefUV9S8eg==; 24:FyWHdO1AMvtHpZaERjPAuuMmZF7i6d2VGqvytOZde0hAfwGQQzZk9k6zgnQEeC+QGUC/pxyJ5s1zLaHgxz0eh85NejB/sk5qfIV8ugAZ1uk=
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:CY1PR09MB0796;
x-microsoft-antispam-prvs: <CY1PR09MB0796EEC3146A9DB5CCAD41C184F20@CY1PR09MB0796.namprd09.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(2401047)(520078)(5005006)(8121501046)(10201501046)(3002001); SRVR:CY1PR09MB0796; BCL:0; PCL:0; RULEID:; SRVR:CY1PR09MB0796;
x-forefront-prvs: 08118EFC2B
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(189002)(199003)(164054003)(586003)(101416001)(106356001)(5008740100001)(77096005)(50986999)(1096002)(102836003)(229853001)(81156007)(2900100001)(5002640100001)(86362001)(99286002)(106116001)(5001960100002)(33656002)(105586002)(15975445007)(76176999)(54356999)(189998001)(5003600100002)(230783001)(5001770100001)(10400500002)(11100500001)(76576001)(3846002)(2501003)(4326007)(40100003)(97736004)(66066001)(1220700001)(6116002)(2950100001)(2201001)(122556002)(87936001)(92566002)(2171001)(5004730100002)(19580395003)(74316001); DIR:OUT; SFP:1102; SCL:1; SRVR:CY1PR09MB0796; H:CY1PR09MB0793.namprd09.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts)
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Jan 2016 15:57:25.3602 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR09MB0796
X-Microsoft-Exchange-Diagnostics: 1; CY1PR09MB0889; 2:f9Tu5ljVvozAdI97m9cButQgZN5Ui1a9MfS5uGhaRWkYRUsAW11+Om/KKi3V9Ty5Y+mTEQBmwGYAyl40Js67KcRlfzmbPIV4fj5qPo+g+6EaMCGUxuYA/YWD0mL9yEiaYYq8ybN43NucK9eeUixKhg==; 23:rBxHAUGaTMXDE8Iq8bqFaq24UjR0jeGAOXZhHBc+z4MkA4y8dkVpeTZ0DzgTD2DyPCV+2qHE6b0O5qvaLAlT9ES1iWJSSJi28a+MOaHEM5u+u4/DLIhHWOIurHtAeIRN6FbDKe3QBwHnvMNZVuN6xpPq1Xg2ki6qTxpHBRLvJqAr9A7S1HT9/QfXHktbPbGx
X-OriginatorOrg: nist.gov
Archived-At: <http://mailarchive.ietf.org/arch/msg/sidr/VkHpHbJIL0X5AcdL3uuiINaBrCE>
Cc: "sidr@ietf.org" <sidr@ietf.org>
Subject: [sidr] comments on draft-ietf-sidr-bgpsec-protocol-14 -- data covered by signature
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Jan 2016 15:57:31 -0000
Happy New Year!
I have given it (version 14) a complete read. Thanks, Matt, once gain for all your efforts.
My comments are split over two posts.
This is the first post that seeks to clarify a technical point.
My second post will have comments/suggestions to help improve
the clarity/presentation in the document, and also lists some typos and nits.
The following were the three possibilities for a protocol change to address the
problem that David identified:
1. Signature protects the Target ASN, {ASN, pCounts, Flags} of the signer,
Previous Secure_Path, and {AFI, SAFI, NLRI}.
2. Signature protects all of the data in #1 and the most recently added Signature_Segment
(i.e. that of the eBGPsec speaker from whom the update was received).
3. Signature protects all of the data in #1 and the Previous Signature_Block
(i.e. all previous Signature_Segments).
David initially proposed #1.
http://www.ietf.org/mail-archive/web/sidr/current/msg07258.html
Following on that, Rob made a case for #2.
http://www.ietf.org/mail-archive/web/sidr/current/msg07261.html
I don’t think #3 was discussed in that thread. Nevertheless it is a solution candidate.
#3 is what Matt has included in the revised draft.
The relative merits of #2 and #3 are worth a little discussion.
One thing to note is that ECDSA-P256 signature length is about 72 octets
(including DER (ASN1) format overheads); plus 22 octets for SKI and Sig length.
So a total of 94 octets of additional data (per signature) is to be included
in the hashed data at BGPsec routers.
In the case of #2, the *additional data* to be hashed would be a constant at 94 octets,
(independent of the AS path length), while in the case of #3,
it would be variable given by #AS (i.e. previous path length) x 94 octets.
So, for example, 940 octets more (for #3 over #2) if the previous AS path length is 10.
Is this of concern? One good thing is that the Signature_Segments to be added
to the hashed data are adjacent (that helps in consideration of #3).
Adjacency helps with lowering # CPU cycles consumed for marshaling the data for hash (for #3).
We have preliminary measurement data which shows that the performance for
SHA-256 hash operations on Intel NUC 3GHz (single threading) is as follows:
(we will be conducting this study also on a 3.5 GHz server with a lot more RAM):
Hash input data size | time per SHA-256 hash operation | hash operation speed |
50 octets | 0.34 usec | 2,923,662 hash ops/s
100 octets | 0.58 usec | 1,716,556 hash ops/s
500 octets | 2.02 usec | 493,969 hash ops/s
1000 octets | 3.93 usec | 254,462 hash ops/s
5000 octets | 17.21 usec | 58,109 hash ops/s
(Averaged over 1000 iterations; usec = microseconds)
For a long previous-AS-path length of 10, with the choice of #2,
we’ll be in 300 octets ballpark for hashed data size, and
with the choice of #3, we’ll be around 1200 octets ballpark for hashed data size.
So, to me it looks like #3 choice does not have a significant penalty
over #2 choice in terms the performance of hashing operations
for the range of hashed data sizes of our interest.
It is true that the hash processing time more than doubles for #3 compared to #2 in the
hash data size ranges of interest. However, since all other BGPsec update processing
is likely to dominate over the hash processing time, the concern with regard to
hash performance may not be huge when comparing #3 with #2.
The adjacency assumption of the multiple Signature_Segments for hashing is important
for #3, and should hold (hopefully) in the implementations.
Your thoughts/inputs on the merits/trade-offs of #2 vs. #3? Please share them.
Thank you.
Sriram
- [sidr] I-D Action: draft-ietf-sidr-bgpsec-protoco… internet-drafts
- [sidr] comments on draft-ietf-sidr-bgpsec-protoco… Sriram, Kotikalapudi
- [sidr] comments on draft-ietf-sidr-bgpsec-protoco… Sriram, Kotikalapudi