[Wimse] Re: Runtime costs of multiple signatures?
"McAdams, Darin" <darinm@amazon.com> Wed, 24 July 2024 21:34 UTC
Return-Path: <prvs=928166bb7=darinm@amazon.com>
X-Original-To: wimse@ietfa.amsl.com
Delivered-To: wimse@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7F402C14F5E2 for <wimse@ietfa.amsl.com>; Wed, 24 Jul 2024 14:34:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.247
X-Spam-Level:
X-Spam-Status: No, score=-2.247 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.148, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazon.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4YVMVnWIEUVh for <wimse@ietfa.amsl.com>; Wed, 24 Jul 2024 14:34:50 -0700 (PDT)
Received: from smtp-fw-80008.amazon.com (smtp-fw-80008.amazon.com [99.78.197.219]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6AF2DC06EF11 for <wimse@ietf.org>; Wed, 24 Jul 2024 14:34:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209; t=1721856879; x=1753392879; h=from:to:subject:date:message-id:mime-version; bh=3pFdDmFN0Tv56VysfDhj5qOW4PpMK++oTx7sUAK9jjs=; b=Xb7kBhPEm6ZtHyRCBCqtwFjZPqiuq50QQo6aAYNvVoxPF/iHsEo0I3Kc sE8GV4nWa4SeWfaa53UTQq+kvW3v4p/O2A4de2bWT6YFm+VYzDLpa97F3 AvBiXsCYOvPVGbySMo3xpMBEvlQ2UjldUJPTvSFN1qQHNLdNhMCOhVfmC Y=;
X-IronPort-AV: E=Sophos;i="6.09,233,1716249600"; d="scan'208,217";a="109459081"
Received: from pdx4-co-svc-p1-lb2-vlan3.amazon.com (HELO smtpout.prod.us-west-2.prod.farcaster.email.amazon.dev) ([10.25.36.214]) by smtp-border-fw-80008.pdx80.corp.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jul 2024 21:34:38 +0000
Received: from EX19MTAUWB002.ant.amazon.com [10.0.21.151:62954] by smtpin.naws.us-west-2.prod.farcaster.email.amazon.dev [10.0.34.254:2525] with esmtp (Farcaster) id c179c335-fc2d-45c4-a4f1-67d6271ece74; Wed, 24 Jul 2024 21:34:38 +0000 (UTC)
X-Farcaster-Flow-ID: c179c335-fc2d-45c4-a4f1-67d6271ece74
Received: from EX19D008UWA002.ant.amazon.com (10.13.138.240) by EX19MTAUWB002.ant.amazon.com (10.250.64.231) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.1258.34; Wed, 24 Jul 2024 21:34:31 +0000
Received: from EX19D008UWA004.ant.amazon.com (10.13.138.220) by EX19D008UWA002.ant.amazon.com (10.13.138.240) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.1258.34; Wed, 24 Jul 2024 21:34:31 +0000
Received: from EX19D008UWA004.ant.amazon.com ([fe80::d946:a53:e254:7768]) by EX19D008UWA004.ant.amazon.com ([fe80::d946:a53:e254:7768%5]) with mapi id 15.02.1258.034; Wed, 24 Jul 2024 21:34:31 +0000
From: "McAdams, Darin" <darinm@amazon.com>
To: "wimse@ietf.org" <wimse@ietf.org>
Thread-Topic: [Wimse] Runtime costs of multiple signatures?
Thread-Index: AQHa3hFEGHao6rmdG02W1JuMca7iHg==
Date: Wed, 24 Jul 2024 21:34:31 +0000
Message-ID: <9EFDE84B-77A9-4CB8-8E10-96D6305FD42A@amazon.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.86.24062313
x-originating-ip: [10.13.138.196]
Content-Type: multipart/alternative; boundary="_000_9EFDE84B77A94CB88E1096D6305FD42Aamazoncom_"
MIME-Version: 1.0
Message-ID-Hash: IP4LG2DU7LQGAUL466R3Y6FN2NNBXKMV
X-Message-ID-Hash: IP4LG2DU7LQGAUL466R3Y6FN2NNBXKMV
X-MailFrom: prvs=928166bb7=darinm@amazon.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [Wimse] Re: Runtime costs of multiple signatures?
List-Id: WIMSE Workload Identity in Multi-Service Environment <wimse.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/wimse/Q6oHPDxd1vZ7M7b-uA4HtC1pVkQ>
List-Archive: <https://mailarchive.ietf.org/arch/browse/wimse>
List-Help: <mailto:wimse-request@ietf.org?subject=help>
List-Owner: <mailto:wimse-owner@ietf.org>
List-Post: <mailto:wimse@ietf.org>
List-Subscribe: <mailto:wimse-join@ietf.org>
List-Unsubscribe: <mailto:wimse-leave@ietf.org>
I ran the numbers and we’re on the edge of what (I think) is acceptable, and on a slippery slope. Here’s the stats. Consider 4 tokens that could become common in workloads: (1) access_token, (2) WIT token, (3) WPT Token, (4) Txn-Token. Based on the examples in the specs, we’re in the ballpark of ~2K bytes (25% of typical 8K header space), and approaching a millisecond in processing time for all the hashing, signature verification, and JSON parsing. And, that’s the baseline. It would increase further with RAR, or adding richer context to a Txn-Token, and so on. The reason I say it’s a slippery slope is because I’m observing a pattern where each WG solves it’s goals by adding 1-2 tokens to a request. Viewed independently, each decision is logical. Cumulatively, it leads to a tragedy of the commons in terms of consuming the shared, finite space in HTTP headers. Workloads are especially sensitive to these details due to the scale at which they operate. As a result, I would raise the question whether the working group’s criteria for evaluating solutions should include some reasonable goals on cumulative token sizes and processing time. This may lead us to consider more compact representations of tokens, or perhaps mechanisms to bundle more information under fewer signatures. From: Yogi Porla <yogi@deeplineage.io> Date: Tuesday, July 23, 2024 at 9:00 AM To: "McAdams, Darin" <darinm@amazon.com>, "wimse@ietf.org" <wimse@ietf.org> Subject: RE: [Wimse] Runtime costs of multiple signatures? My thoughts and opinions Highlighted below From: McAdams, Darin <darinm@amazon.com> Date: Monday, July 22, 2024 at 7:29 PM To: wimse@ietf.org <wimse@ietf.org> Subject: [Wimse] Runtime costs of multiple signatures? Really appreciate all the work that the design teams have put into the WIMSE proposals. I’ve been reading the docs in preparation for the IETF meeting and encountered a question I hadn’t seen discussed. The examples in service-to-service tokens<https://www.sheffer.org/wimse-s2s/draft-sheffer-wimse-s2s-protocol.html> appear to require a total of 3 or more tokens to be validated. This includes an OAuth access_token, the workload identity token, and the proof-of-possession token. The proliferation of tokens will have an impact on both the “bloat overhead” of each HTTP request, as well as the CPU and latency cost of running 3 or more asymmetric cryptographic operations. Perhaps it’s because I live in a world where a million requests per seconds is normal, but I found myself asking: “What will this cost?”. Has there been any discussion of the runtime costs of these proposals? It might be OK, or it might not, I simply don’t know and am curious. Attached is a benchmark done by USP team who are working on the Attested Claims concept,slides 8 and 9 has benchmarks for 40 aggregations using schnorr concatenation and other schemes.Please note that this work is based on SPIRE and has some additional claims overhead for test purposes. If this approach were pursued, audiences with efficiency concerns could raise additional questions such as: Is it acceptable to cache the validation results for a workload identity token so it’s not necessary to re-validate the same token on every HTTP request? Or, if a particular implementation has the means to do so, is it OK to distribute the token out of band so it’s not necessary to pass on every request? Concept of TTLs for rotating certificates is used for SPIFFE workload identities , however, note that Revalidation isn’t performed by default when the certificate is issued ( note that there is a PR on SPIRE to force revalidation and this is being looked into) . In-terms of Attested claims , given the nature of multiple workloads in transit ( User-> A-> B->C) and the potential of claims to change per request ( for instance a Claim at workload A could change based on the request), cached results may not be viable. One other thing I noticed is that Figure 12<https://www.sheffer.org/wimse-s2s/draft-sheffer-wimse-s2s-protocol.html#name-signed-request> in the HTTP Message Signature example doesn’t include an Authorization header with a bearer-token, as in the DPoP variation. I wasn’t sure if that’s because it’s unnecessary when using HTTP Message Signatures, or if this was simply a mistake in the example. I was trying to wrap my head around the pros-and-cons of each option, and whether one requires fewer signatures. -Darin
- [Wimse] Re: Runtime costs of multiple signatures? Yogi Porla
- [Wimse] Runtime costs of multiple signatures? McAdams, Darin
- [Wimse] Re: Runtime costs of multiple signatures? McAdams, Darin
- [Wimse] Re: Runtime costs of multiple signatures? Watson Ladd
- [Wimse] Re: Runtime costs of multiple signatures? McAdams, Darin
- [Wimse] Re: Runtime costs of multiple signatures? Dean H. Saxe
- [Wimse] Re: Runtime costs of multiple signatures? Justin Richer
- [Wimse] Re: Runtime costs of multiple signatures? Dean H. Saxe
- [Wimse] Re: Runtime costs of multiple signatures? A.J. Stein
- [Wimse] Re: Runtime costs of multiple signatures? Brian Campbell
- [Wimse] Re: Runtime costs of multiple signatures? Dmitry Izumskiy
- [Wimse] Re: Runtime costs of multiple signatures? Yaron Sheffer