IETF Logo Mail Archive

[Wimse] Re: Runtime costs of multiple signatures?

Yaron Sheffer <yaronf.ietf@gmail.com> Fri, 26 July 2024 20:50 UTC

Return-Path: <yaronf.ietf@gmail.com>
X-Original-To: wimse@ietfa.amsl.com
Delivered-To: wimse@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2E38EC1519AF for <wimse@ietfa.amsl.com>; Fri, 26 Jul 2024 13:50:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.004
X-Spam-Level:
X-Spam-Status: No, score=-2.004 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ot2c8tGVS9kk for <wimse@ietfa.amsl.com>; Fri, 26 Jul 2024 13:50:15 -0700 (PDT)
Received: from mail-pl1-x62f.google.com (mail-pl1-x62f.google.com [IPv6:2607:f8b0:4864:20::62f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 57B74C151524 for <wimse@ietf.org>; Fri, 26 Jul 2024 13:50:15 -0700 (PDT)
Received: by mail-pl1-x62f.google.com with SMTP id d9443c01a7336-1fc5239faebso8818545ad.1 for <wimse@ietf.org>; Fri, 26 Jul 2024 13:50:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1722027014; x=1722631814; darn=ietf.org; h=content-transfer-encoding:cc:to:message-id:thread-topic:subject :from:date:mime-version:from:to:cc:subject:date:message-id:reply-to; bh=fha+Kfa+bE+ujYAzbyY4IlUHPORKnIUCLJfKqnTsqsQ=; b=RYKYlyNWCGdWQnYww0rVdV5Rv+4/2MdVw7nKPz0juthE7nMT0bNk2mxX0QOcRl+faT OD6VftNdPRQcY5ih7EjRBjOWtY2vHXdMpU2m74XA55VDFoAmP6B1qRDunFyPmYZwUAGc Z8csQ7dqSgMTdf8QgNJtdIemCGQafrDPx4vt0zST87dW1loKtivokM82+gPqSi6DUkpv I5khWuZcN2inNGD0i+mAe3RnapC2GhY3OJ6SzZN7XFe5PXAmxtbyFYDISiyn3xZ3Ig2a 9fDfNNP9tW7MD75G/p6/DLW0O1cZFVH6alKi1wsqEK5fUmwtEROyRlLjJy0eJdk8Ncm3 V7pA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722027014; x=1722631814; h=content-transfer-encoding:cc:to:message-id:thread-topic:subject :from:date:mime-version:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=fha+Kfa+bE+ujYAzbyY4IlUHPORKnIUCLJfKqnTsqsQ=; b=bk6dj12b6HGM2wFLPv/FDclPMZ8YHt/rkKqbvSyJUcf9hEJnAHvBRnhiXXZOsUShOw ILPzv79rj07uvHNo3PrQwgjnY8Pmjafs7gl47yXD1DKPqFgMAR/DiSRu0yr2l4C/H6J/ HEdGG1p7Qr2PjBfM7MeKYJ/yzf9MWBfgU27WnNey1jDOdKXyLmu8ng1qSRlg3807icQX IqldQkyd70YoMW6t/USjmIJXA+on+/s2wnNM1NQ8ui9jN7sLi564xFDB7ltDlLV33dAF IOe7QNMHroLOhWn4JGIQWs3cY5cm+UeKW+y2vw++eTmnjtWEvznbgeKOWh12V00bmu87 f14g==
X-Forwarded-Encrypted: i=1; AJvYcCWpQ8Ak+qi7/S84MRdt35ZO8zK8QT8vEdyp9Ig1BUQd39jOnulGODemMwHP+so91LKCjga4GmyNy5VCAZXmHg==
X-Gm-Message-State: AOJu0Yx0y5ylt6m6OeklK1FCWAQUvUmzTORY9NhwjLDflt0gElvwTRzq oTp+p6Ni+uYi5AdWrd3NdFlpNhsQwGrKyaKWKsNjScZTdDhNGHt3
X-Google-Smtp-Source: AGHT+IHgd9Ym/v+zehLwYxRRzQHJIZScBTcDbD+15LeXZsG/+0WSwoAqUommU1DnpMLYyaNVPu30yw==
X-Received: by 2002:a17:903:22c2:b0:1fb:1afb:b864 with SMTP id d9443c01a7336-1ff047ea9bfmr11475325ad.5.1722027014132; Fri, 26 Jul 2024 13:50:14 -0700 (PDT)
Received: from macos-F7LQR2FV6V ([2001:67c:370:128:e836:d80c:2345:6283]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-1fed7f9fb5dsm37227175ad.251.2024.07.26.13.50.13 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 26 Jul 2024 13:50:13 -0700 (PDT)
MIME-Version: 1.0
Date: Fri, 26 Jul 2024 13:50:11 -0700
From: Yaron Sheffer <yaronf.ietf@gmail.com>
Thread-Topic: Re: [Wimse] Re: Runtime costs of multiple signatures?
Message-ID: <3A4940A3-E472-4D4D-9767-89275C791FBD@hxcore.ol>
To: "Dean H. Saxe" <dean@thesax.es>, Justin Richer <jricher@mit.edu>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset="utf-8"
Message-ID-Hash: ZBSVK4CZXYY4XB73HROHWVGQVSWV25UH
X-Message-ID-Hash: ZBSVK4CZXYY4XB73HROHWVGQVSWV25UH
X-MailFrom: yaronf.ietf@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "McAdams, Darin" <darinm=40amazon.com@dmarc.ietf.org>, "wimse@ietf.org" <wimse@ietf.org>, Watson Ladd <watsonbladd@gmail.com>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [Wimse] Re: Runtime costs of multiple signatures?
List-Id: WIMSE Workload Identity in Multi-Service Environment <wimse.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/wimse/JphGac3FhAI9KyojaN-SzJqTFqg>
List-Archive: <https://mailarchive.ietf.org/arch/browse/wimse>
List-Help: <mailto:wimse-request@ietf.org?subject=help>
List-Owner: <mailto:wimse-owner@ietf.org>
List-Post: <mailto:wimse@ietf.org>
List-Subscribe: <mailto:wimse-join@ietf.org>
List-Unsubscribe: <mailto:wimse-leave@ietf.org>

This discussion is interesting and important. However at this early point of the working group’s lifecycle, it also looks a lot like premature optimization.

 

And then speaking of optimization… Some of the work can be amortized in high performance environments. We’ve been discussing a way to replace some of the signatures by symmetric MACs, but again, I think it is too early to worry about that.

 

Darin, going back to your original message and the Authorization header: Yes, this is an inconsistency between Option 1 and Option 2, but it’s unimportant in that the Authorization header with a bearer token is optional anyway and is only there for backward compatibility with existing deployments. To further dive into this rabbit hole, see https://github.com/yaronf/wimse-s2s/issues/15" rel="nofollow">https://github.com/yaronf/wimse-s2s/issues/15

 

Thanks,

                Yaron

 

From: Dean H. Saxe <dean@thesax.es>
Date: Friday, 26 July 2024 at 11:59
To: Justin Richer <jricher@mit.edu>
Cc: McAdams, Darin <darinm=40amazon.com@dmarc.ietf.org>, wimse@ietf.org <wimse@ietf.org>, Watson Ladd <watsonbladd@gmail.com>
Subject: [Wimse] Re: Runtime costs of multiple signatures?

Justin,

 

Thank you for the reminder about token buckets, I had forgotten about this work as another option to coalesce multiple tokens into a single structure.

 

I'll pause on writing a PR while this conversation develops.

 

-dhs

--
Dean H. Saxe
dean@thesax.es

 

 

On Fri, Jul 26, 2024 at 8:14AM Justin Richer <jricher@mit.edu> wrote:

Chair hat off, architect hat on. 

 

Embedding a token into another token really just hides the problems more than anything. We've seen this with deployments that wrap jwts into other jwts: the top layer might be quicker but now you've got to deal with unwrapping the underlying pieces. Then it's decode, parse, validate, decode again, and so on. 

 

Tokens, by their nature, are self contained, and I think our community jumps to them as a convenient data container too quickly. I do think there's room to consider other structures, like for example the graph structure I hand wave at in https://datatracker.ietf.org/doc/html/draft-richer-wimse-token-container-00" rel="nofollow">https://datatracker.ietf.org/doc/html/draft-richer-wimse-token-container-00 - the contents of each bucket don't need to be tokens nor do they even need to be internally signed. The graph structure provides an overall cryptographic capability that individual tokens don't, and it allows changes (especially additive ones) without wrapping. Tokens have their place but when they start to multiply, I think we do need to ask if it's the right structure. 

 

- Justin 

From: Dean H. Saxe <dean@thesax.es>
Sent: Friday, July 26, 2024 9:53 AM
To: McAdams, Darin <darinm=40amazon.com@dmarc.ietf.org>
Cc: wimse@ietf.org <wimse@ietf.org>; Watson Ladd <watsonbladd@gmail.com>
Subject: [Wimse] Re: Runtime costs of multiple signatures?

 

Darin,

 

I see this as a combination of the existing use cases in https://datatracker.ietf.org/doc/draft-rosomakho-wimse-tokentranslation-reqs/?" rel="nofollow">https://datatracker.ietf.org/doc/draft-rosomakho-wimse-tokentranslation-reqs/?  Specifically use cases 1, 2, and 4: token format change, token encoding change, and embedding one token in another.  The tokens would still have to be processed at least once to make these transformations in order to reduce the processing overhead down the call stack.

 

Embedding may not be exactly what’s required, perhaps there’s an additional use case to consider that enables bundling or combining tokens.  I’ll author a PR to add this use case.

 

-dhs

--
Dean H. Saxe
dean@thesax.es

 

 

On Jul 25, 2024 at 5:49:44PM, "McAdams, Darin" <darinm=40amazon.com@dmarc.ietf.org> wrote:

ECDSA 256 verification is a part of it. There’s also multiple invocations of a JSON parser to get at contents of the JWTs, and other overhead.

On Jul 24, 2024, at 3:17PM, Watson Ladd <watsonbladd@gmail.com> wrote:

 

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe.

 

 

 

> On Wed, Jul 24, 2024 at 2:35PM McAdams, Darin

> <darinm=40amazon.com@dmarc.ietf.org> wrote:

>

> I ran the numbers and we’re on the edge of what (I think) is acceptable, and on a slippery slope.

>

> Here’s the stats. Consider 4 tokens that could become common in workloads: (1) access_token, (2) WIT token, (3) WPT Token, (4) Txn-Token. Based on the examples in the specs, we’re in the ballpark of ~2K bytes (25% of typical 8K header space), and approaching a millisecond in processing time for all the hashing, signature verification, and JSON parsing. And, that’s the baseline. It would increase further with RAR, or adding richer context to a Txn-Token, and so on.

>

> The reason I say it’s a slippery slope is because I’m observing a pattern where each WG solves it’s goals by adding 1-2 tokens to a request. Viewed independently, each decision is logical. Cumulatively, it leads to a tragedy of the commons in terms of consuming the shared, finite space in HTTP headers.

>

> Workloads are especially sensitive to these details due to the scale at which they operate. As a result, I would raise the question whether the working group’s criteria for evaluating solutions should include some reasonable goals on cumulative token sizes and processing time. This may lead us to consider more compact representations of tokens, or perhaps mechanisms to bundle more information under fewer signatures.

 

ECDSA 256 is 53 microseconds to verify on my mac according to openssl

speed. 4 of them is 212 microseconds. Where is the other 700

microseconds coming from to get to a millisecond/can we fix this by

using more compact formats?

 

Sincerely,

Watson

 

 

 

--

Astra mortemque praestare gradatim

--
Wimse mailing list -- wimse@ietf.org
To unsubscribe send an email to wimse-leave@ietf.org

v2.46.0 | Report a Bug | By Email | System Status