Re: [sidr] Modifiation request: draft-ietf-sidr-bgpsec-protocol-14
Matthew Lepinski <mlepinski.ietf@gmail.com> Wed, 02 March 2016 01:58 UTC
Return-Path: <mlepinski.ietf@gmail.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AF1A61B4499 for <sidr@ietfa.amsl.com>; Tue, 1 Mar 2016 17:58:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UI9W3z_KdTZ1 for <sidr@ietfa.amsl.com>; Tue, 1 Mar 2016 17:58:15 -0800 (PST)
Received: from mail-ob0-x235.google.com (mail-ob0-x235.google.com [IPv6:2607:f8b0:4003:c01::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 98E4C1B449B for <sidr@ietf.org>; Tue, 1 Mar 2016 17:58:15 -0800 (PST)
Received: by mail-ob0-x235.google.com with SMTP id fz5so53575660obc.0 for <sidr@ietf.org>; Tue, 01 Mar 2016 17:58:15 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc; bh=s7I6xDnNwNf6C1R6E4BJ6xHvwDKux/hCiRt2YQQ8B44=; b=HLzvdm/t41ETG9gDM8GY1A+YYk4jzHlp+tEKRyP9sUym9jo3JMEte2WfIHQiE9T9Pm clSykkdtVK0Mzt8wCS8k2zRgFOo8fJifgZ8uflN/JfwdMCwO31WA2vsTTpjA8mrT/+H8 vgD5kkxX8EDvo2DqI9RSEcpYx7Y2UlGYZPPPdEQAji07lFwgQ5jh5G58b5pxbVZsFNMl y7FPrVS1tjwooUPHe7JLlWU5id8sOXGEYzMtwfl2w5rExYjRRgXtNz6lnCvYzM4AFE1h HI4Z20rxgjLhr0bihVE4p6ZdqU2RjKKzn0c3eJCo4VJOGJAklJS6IU5JdzzZOzbc726N TKDA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc; bh=s7I6xDnNwNf6C1R6E4BJ6xHvwDKux/hCiRt2YQQ8B44=; b=XOM/Pl0nhPXd44dS4u3DW2apelfV5lNDafwWnIaXyKymB8X1W1QunPD/w9L+Xxj06D o4umTIMrR1XWisZkDgNkaXScHOZaMCgXR/2esFbj7WPApBnQYo3sq8seSsdXvrcaS8b2 hYX91xg0WAUhb44rNDfLU3kGgxQKlLLSJcIsoJGi98IpTymNzaRcSGcU3DtZ1nxCBYMD tnUxwZ05Elw4/p6v7to5HwATdWJZeG88EacvdmP0hwQysmvQhFoDJIE9qL8ost+3pGNj Odms1JLCcPUlhxYVAbldt8Stj1RIJifFld0QdA/THAyClxAC0m27Al3Wpt/lzESPvzPN 56Jg==
X-Gm-Message-State: AD7BkJLzHOmdAz1uoQ5u9jflHO7XKQIgX8tvDqgD/GSD0N9S9x3yKunlqGiyxbrVc0GhxBd+samCS7e5fo0i2A==
MIME-Version: 1.0
X-Received: by 10.60.93.162 with SMTP id cv2mr19054733oeb.28.1456883894885; Tue, 01 Mar 2016 17:58:14 -0800 (PST)
Received: by 10.202.205.75 with HTTP; Tue, 1 Mar 2016 17:58:14 -0800 (PST)
In-Reply-To: <18BE6155-AD15-4C54-9860-52738A567A32@sn3rd.com>
References: <ECE5A848-2A1D-43F7-A303-A76442572693@nist.gov> <0FCAB5B8-420D-4007-8E91-21712D9CD6A5@sn3rd.com> <3BE2095C-08B2-426B-BBB0-77CF7B880DD8@nist.gov> <18BE6155-AD15-4C54-9860-52738A567A32@sn3rd.com>
Date: Tue, 01 Mar 2016 20:58:14 -0500
Message-ID: <CANTg3aA-UmcPcCshXb6tm=KC-s+2E3Sxfg-oGB_fewpuJGrCdg@mail.gmail.com>
From: Matthew Lepinski <mlepinski.ietf@gmail.com>
To: Sean Turner <sean@sn3rd.com>
Content-Type: multipart/alternative; boundary="047d7b33d2e608a6d5052d07376f"
Archived-At: <http://mailarchive.ietf.org/arch/msg/sidr/kewpBK6yl6LDK4olGAYySlXQ8GE>
Cc: sidr list <sidr@ietf.org>, Matthew Lepinski <mlepinski@ncf.edu>, Michael Baer <baerm@tislabs.com>
Subject: Re: [sidr] Modifiation request: draft-ietf-sidr-bgpsec-protocol-14
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Mar 2016 01:58:20 -0000
I haven't seen any objections to this change on the list. I suspect that the benefits from this change are modest. However, I am happy to see us make a couple of small changes that will make things a bit easier for implementers. I have made the changes Oliver suggested in the next version of the document. I just need to roll in a few last editorial suggestions and then I will toss the new version into the draft repository. Thanks again to Oliver for providing this feedback. - Matt Lepinski On Wed, Feb 24, 2016 at 7:55 PM, Sean Turner <sean@sn3rd.com> wrote: > Right - so after re-reading this I see it now. > > spt > > > On Feb 24, 2016, at 11:19, Borchert, Oliver <oliver.borchert@nist.gov> > wrote: > > > > Sean, > > > > The change relates to the "Sequence of Octets to be Signed" (SOS), not > the signature blocks on the wire. > > For validation and signing, one needs to generate a separate SOS per > algorithm / signature block > > which is the same as it always was - nothing changed here. > > The resulting signature (while signing) will be added to the appropriate > signature block, > > and algorithm transfers are still dealt with in the same manner as > before. > > I hope that helps. > > > > Oliver > > > > > > > > > > > > > > On 2/23/16, 10:07 PM, "Sean Turner" <sean@sn3rd.com> wrote: > > > >> Oliver & Michael, > >> > >> I see that the Algorithm Suite Identifier is now included just once, > which saves one byte per signature segment, and that’s great, but how’s > this new structure going to work if there’s an an algorithm transition? > How will you support indicating the “old” and “new” algorithm? > >> > >> spt > >> > >>> On Feb 10, 2016, at 15:05, Borchert, Oliver <oliver.borchert@nist.gov> > wrote: > >>> > >>> Hello Matt, > >>> > >>> after reading version 14 of the BGPSec protocol draft and after > discussing the > >>> update between us, Michael Baer (BIRD implementer) and I (Quagga > Implementer) > >>> want to propose some changes for generation of the “Sequence of > Octets to be > >>> Signed” (SOS) in the draft on pg. 15. This change would modify the > order of > >>> information within the SOS as well as the order of attributes within > the > >>> “Secure_Path” Segment listed on pg. 8. > >>> > >>> For your convenience I attached this email as pdf document as well. > >>> > >>> NONE of the changes has any impact on the information that is put on > the wire > >>> in regards to adding or removing data. The only on the wire change is > the > >>> ordering of the attributes within the Secure_Path Segment. > >>> > >>> As we are all aware, the most expensive operation within the BGPSEC > protocol is > >>> the crypto operation, especially the Path verification. > >>> With the proposed modification of the SOS, implementers will be able > to utilize > >>> more efficient and higher performing software mechanisms to validate > the > >>> complete chain of signatures in an update. The current form makes this > more > >>> difficult. > >>> > >>> Our request does remove some data from the previous SOS structure, > changes the > >>> order of the remaining attributes within the SOS and includes the > re-ordering > >>> of one data segment on the wire, which will facilitate the SOS > generation. > >>> > >>> > >>> 1) Request for re-ordering the Secure_Path segment > >>> The first request deals with modifying the order of the Secure_Path > segment. > >>> This modification will become more obvious later on when we explain > our request > >>> for changes in the structure of “Sequence of Octets to be Signed” > (SOS) on > >>> pg. 15. > >>> This is also the only change that has an affect on the data on the > “wire” but > >>> again only regarding the order itself, NOT the content. > >>> > >>> The current format as it is shown on pg. 8 is as follows: > >>> > >>> +-------------------------------+ > >>> | AS Number (4 octets) | > >>> +-------------------------------+ > >>> | pCount (1 octet) | > >>> +-------------------------------+ > >>> | Flags (1 octet) | > >>> +-------------------------------+ > >>> > >>> We request to move the “AS Number” field to the end of the signature > segment. > >>> This results in the following structure: > >>> > >>> +-------------------------------+ > >>> | pCount (1 octet) | > >>> +-------------------------------+ > >>> | Flags (1 octet) | > >>> +-------------------------------+ > >>> | AS Number (4 octets) | > >>> +-------------------------------+ > >>> > >>> The reason for this minor change becomes more clear when we explain > our request > >>> for modifying the SOS structure. But as a little preview for where we > want to > >>> go with this, consider the following: > >>> > >>> Having a set of Secure_Path segments, the last field of the following > segment > >>> equals the “Target AS” needed in the SOS structure. But this becomes > more > >>> obvious later on. > >>> > >>> > >>> 2) Modifying the SOS structure” > >>> > >>> The current structure as it is presented on pg. 15 of draft-14 is as > follows: > >>> > >>> +-------------------------------+ > >>> | Target AS Number | > >>> +-------------------------------+ > >>> | AS Number | > >>> +-------------------------------+ > >>> | pCount | > >>> +-------------------------------+ > >>> | Flags | > >>> +-------------------------------+ > >>> | Previous Secure_Path | > >>> +-------------------------------+ > >>> | Previous Signature_Block | > >>> +-------------------------------+ > >>> | AFI | > >>> +-------------------------------+ > >>> | SAFI | > >>> +-------------------------------+ > >>> | NLRI | > >>> +-------------------------------+ > >>> > >>> This structure is very inefficient for signature validation because > for each > >>> signature validation the structure needs to be newly regenerated. > >>> > >>> One major change in version-14 compared to the preceding drafts is the > >>> inclusion of all previous signatures to the SOS structure. In the > previous > >>> draft only the directly preceding signature was part of the SOS. > Version-14 > >>> introduces an additional overhead of approximately 91-93 bytes (69-71 > for > >>> signature + 20 SKI + 2 signature length) or ~92 extra bytes per > Signature. > >>> > >>> This means that verifying a 10 hop path, the following additional > overhead for > >>> signatures must be added to each SOS in comparison to draft 13: > >>> > >>> (assumed 92 bytes on average per signature) > >>> > >>> SOS overhead 10 signatures: +828 bytes > >>> SOS overhead 9 signatures: +736 bytes > >>> SOS overhead 8 signatures: +644 bytes > >>> SOS overhead 7 signatures: +552 bytes > >>> SOS overhead 6 signatures: +460 bytes > >>> SOS overhead 5 signatures: +368 bytes > >>> SOS overhead 4 signatures: +276 bytes > >>> SOS overhead 3 signatures: +184 bytes > >>> SOS overhead 2 signatures: + 92 bytes > >>> > >>> For sequential verification only the maximum memory overhead comes > into place > >>> because each consecutive verification will have an SOS size less then > the > >>> previous one. > >>> For parallel verification though each verification itself requires the > >>> necessary memory overhead to the SOS which will end up with: > >>> > >>> Cumulative overhead for a 10 hop path: 4,140 bytes > >>> > >>> And this is only the additional memory consumption added with the > signatures. > >>> On top of that comes the prefix information {AFI, SAFI, NLRI} -> > (5...21 > >>> bytes), Path information {AS, pCount, Flags} -> 6 bytes each, and 1 > byte for > >>> algo ID. > >>> > >>> Depending where the data is located during the hash generation (e.g. > L2 cache) > >>> the additional memory accesses could further hinder performance and > negatively > >>> affect convergence time. > >>> > >>> Furthermore, the newly proposed (version-14 draft) SOS includes > Secure_Path > >>> Length and Signature_Block Length, both of which are overwritten at > each hop. > >>> This imposes the additional burden of regenerating these length fields > for the > >>> SOS corresponding to each signature verification. This again means > that each > >>> parallel working thread is required to generate its own SOS for > signature > >>> validation (see earlier discussion). Hence, it is not desirable to > include > >>> these length fields in the SOS at the sender. Removing these will not > create a > >>> security risk. > >>> > >>> The idea is to generate an SOS that can be re-used so that it only has > to be > >>> generated once and then can be utilized without any modification for > all > >>> signature verifications within an update – regardless if sequential or > parallel > >>> processing is used. > >>> > >>> > >>> The proposed modification will result in the following SOS structure: > >>> For simplification we combine the signature and path segments shown > below into > >>> a combined segment (in the SOS): > >>> > >>> +----------------------------+ > >>> | SKI (n-1) |\ > >>> +----------------------------+ \ > >>> | Signarture Length (n-1) |--- Signature Segment (n-1) > >>> +----------------------------+ / > >>> | Signature (n-1) |/ > >>> +----------------------------+ > >>> | pCount (n) |\ > >>> +----------------------------+ \ > >>> | Flags (n) |--- Secure_Path Segment (n) > >>> +----------------------------+ / > >>> | AS Number (n) |/ > >>> +----------------------------+ > >>> > >>> The simplification in imploded form looks as follows: > >>> > >>> +----------------------------+ > >>> | Signature Segment (n-1) | > >>> +----------------------------+ > >>> | Secure_Path Segment (n) | > >>> +----------------------------+ > >>> > >>> Proposed SOS Structure: (See example on next page for n=3) > >>> > >>> +---------------------------------------+ > >>> | Target AS Number | > >>> +---------------------------------------+\ > >>> | Signature Segment (n-1) | \ > >>> +---------------------------------------+ | > >>> | Secure_Path Segment (n) | | > >>> +---------------------------------------+ \ > >>> ... > For n Hops > >>> +---------------------------------------+ / > >>> | Signature Segment (1 origin) | | > >>> +---------------------------------------+ | > >>> | Secure_Path Segment (2) | / > >>> +---------------------------------------+/ > >>> | Secure_Path Segment (1 origin) | > >>> +---------------------------------------+ > >>> | Algorithm Suite Identifier | > >>> +---------------------------------------+ > >>> | AFI | > >>> +---------------------------------------+ > >>> | SAFI | > >>> +---------------------------------------+ > >>> | NLRI | > >>> +---------------------------------------+ > >>> > >>> This structure allows the generation of one single SOS that can be > accessed > >>> simultaneously by multiple threads (one for each signature > verification). > >>> > >>> With this structure an update containing 10 Signatures contains the > same > >>> overhead of +828 bytes but here it does not need to be re-generated > for each > >>> signature validation. Independent of whether the validation is > performed > >>> sequential or parallel, the overhead remains the same and will NOT > grow to an > >>> extra 4,140 bytes as outlined earlier. This will result in a net > saving of > >>> +3,312 bytes for a path with 10 signatures in addition to the time > saved > >>> generating the SOS for each validation separately. > >>> > >>> Example for generation and processing the new proposed SOS structure > for a > >>> signed path from AS1 to AS4: > >>> AS1—AS2—AS3-AS4 > >>> > >>> +----------------------+ > >>> SOS 3----->| AS 4 | <- (Target AS for signature 3) > >>> | +----------------------+ > >>> | | Signature_Segment (2)| > >>> | +----------------------+ > >>> | | pCount (3)| \ > >>> | +----------------------+ \ > >>> | | Flags (3)| --- Secure_Path Segment (3) > >>> | +----------------------+ / > >>> SOS 2----+>| AS 3 (3)| / <- (Target AS for signature 2) > >>> | | +----------------------+ > >>> | | | Signature_Segment (1)| > >>> | | +----------------------+ > >>> | | | pCount (2)| \ > >>> | | +----------------------+ \ > >>> | | | Flags (2)| --- Secure_Path Segment (2) > >>> | | +----------------------+ / > >>> SOS 1--+-+>| AS 2 (2)| / <- (Target AS for signature 1) > >>> | | | +----------------------+ > >>> | | | | pCount (1)| \ > >>> | | | +----------------------+ \ > >>> | | | | Flags (1)| --- Secure_Path Segment (origin) > >>> | | | +----------------------+ / > >>> | | | | AS 1 (1)| / > >>> | | | +----------------------+ > >>> | | | | Algorithm Suite ID | > >>> | | | +----------------------+ > >>> | | | | AFI | > >>> | | | +----------------------+ > >>> | | | | SAFI | > >>> | | | +----------------------+ > >>> | | | | NLRI | > >>> END +-+-+>+----------------------+ > >>> > >>> > >>> As one can clearly observe the receiver needs only to generate one > single > >>> SOS and can utilize it for validation of all previous signatures > without > >>> the need to regenerate the SOS at each step. > >>> > >>> Better even, the new SOS allows: > >>> - sequential validation processing without the need to regenerate the > >>> SOS data for each validation process; just use pointer arithmetic to > >>> specify start of the structure > >>> - parallel validation processing using the same memory location. > >>> > >>> > >>> > >>> Thanks, > >>> > >>> Oliver Borchert (NIST) & Michael Baer (PARSONS) > >>> > >>> > >>> > <BGPSEC-Draft14-ChangeRequest.pdf>_______________________________________________ > >>> sidr mailing list > >>> sidr@ietf.org > >>> https://www.ietf.org/mailman/listinfo/sidr > >> > > _______________________________________________ > sidr mailing list > sidr@ietf.org > https://www.ietf.org/mailman/listinfo/sidr >
- [sidr] Modifiation request: draft-ietf-sidr-bgpse… Borchert, Oliver
- Re: [sidr] Modifiation request: draft-ietf-sidr-b… Sean Turner
- Re: [sidr] Modifiation request: draft-ietf-sidr-b… Borchert, Oliver
- Re: [sidr] Modifiation request: draft-ietf-sidr-b… Michael Baer
- Re: [sidr] Modifiation request: draft-ietf-sidr-b… Sean Turner
- Re: [sidr] Modifiation request: draft-ietf-sidr-b… Matthew Lepinski