IETF Logo Mail Archive

[Wimse] Re: Runtime costs of multiple signatures?

Dmitry Izumskiy <idimaster@gmail.com> Mon, 05 August 2024 05:15 UTC

Return-Path: <idimaster@gmail.com>
X-Original-To: wimse@ietfa.amsl.com
Delivered-To: wimse@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9376CC14CF15 for <wimse@ietfa.amsl.com>; Sun, 4 Aug 2024 22:15:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.103
X-Spam-Level:
X-Spam-Status: No, score=-2.103 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IixV6pSkN7kZ for <wimse@ietfa.amsl.com>; Sun, 4 Aug 2024 22:15:41 -0700 (PDT)
Received: from mail-lj1-x233.google.com (mail-lj1-x233.google.com [IPv6:2a00:1450:4864:20::233]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7DC0BC14CF17 for <wimse@ietf.org>; Sun, 4 Aug 2024 22:15:41 -0700 (PDT)
Received: by mail-lj1-x233.google.com with SMTP id 38308e7fff4ca-2f149845fbaso67157371fa.3 for <wimse@ietf.org>; Sun, 04 Aug 2024 22:15:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1722834939; x=1723439739; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=KaMRk9kUFAXLr9HYzLdlShVNQAGRme1CpsQBv7iFG3M=; b=nQ6ww6TMzTqxL/8TNMVdj5xgwPIlW5JWh2jDd0tiK8L8hOvhCytGkeRFY/m2JqiFoF T0r7FPx9cqs5435893rvQ2VX5JcDVvhIvrSvaRyoSG0xtogAkWNvEzFMoNRcC7fT/B5l T3iFN9XumvLodmea+Pc1XSWn0oSORgSpteS1TGJwCUsviGkNoJtT0ZBuPxLHm5N9u3RS 55wu/hf9ciAayhhB0mSorZVcqstlkckPZc8dYEzA+Hru3oBs5sxcjk2GovYCliuX/HeU N1Joor73PegRKpidRUXsjS1voes1qFr7wAgAPqJLh6El5lvvU72UAVRO3OQItVe68oWO qn5A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722834939; x=1723439739; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=KaMRk9kUFAXLr9HYzLdlShVNQAGRme1CpsQBv7iFG3M=; b=jqJlGmNbeVzJl3J2Tk2oHCbnevdJ32tK6Vc6mmocYzOt8u+a9R+zEHI7pT9LjSkfi3 pDC4DltQTBKeMjmL2CVCdXB5P++7QipmVuTM0K68/ESAxchmGpt+pLbd9Aa4G/tGRN/1 z8uQh/lJZFW5u6dUZaPKTZ/KEK5FaLaPvgOtJBZtKf6K4NxHif8zA+wVWAxG112HuUQP e9u/tPV3aNwFFbGS802tvW3LRpSu/7oNRZKowhCNOdBfcTozImnObYPx4+sRVyUc8tPe FuUzRS1wha5iUvCvuNW4CyKNaMxvZivK5ZyXzQFWNHFNXjsZeDpfGcZ4jJqFw2ZskN6R cgpQ==
X-Forwarded-Encrypted: i=1; AJvYcCV24kszPDnZjos2N/mDHKX1bxm3Lu6MYOzxXnde97+0rufGhsN2CNFbbMitH/I4ged6XvFgBzqgHExfgsJ+4w==
X-Gm-Message-State: AOJu0Yy37V1xSj/fQQ/Sn8W4M12lJZ9KjorVtI9Ob9UIv8gcNSd0oeQ4 /hu6ksWieMf4D4oggOH5NpXiAaeGa/LSshCZD/jJ6Qv/AZr0wj5538gxxWR9MpvIU+73JhQCsSF RoUBiehC0mddRYiPtaxADsQGNEXJfiI3y
X-Google-Smtp-Source: AGHT+IFpZ3i9vyWxIv+1CWTsN6Y6BD69Q6MgwOCF/NPnzTjaGYWBB0a2BbfNFfqpTNzKeV7MQTyPuWel7TOvHvCd3pc=
X-Received: by 2002:a2e:934b:0:b0:2ef:2dfd:15dc with SMTP id 38308e7fff4ca-2f15aa7191fmr72878051fa.9.1722834938694; Sun, 04 Aug 2024 22:15:38 -0700 (PDT)
MIME-Version: 1.0
References: <9EFDE84B-77A9-4CB8-8E10-96D6305FD42A@amazon.com> <CA+k3eCRc==Rv0w_6LWJg4dkcEaVCDvW01nCfSf10t60nCDe0Qw@mail.gmail.com>
In-Reply-To: <CA+k3eCRc==Rv0w_6LWJg4dkcEaVCDvW01nCfSf10t60nCDe0Qw@mail.gmail.com>
From: Dmitry Izumskiy <idimaster@gmail.com>
Date: Sun, 04 Aug 2024 22:15:26 -0700
Message-ID: <CAOuZNLL1viSAQDensnV-zgS1wn7M4NyPFg8SxQ7P3CwnpO+qwA@mail.gmail.com>
To: Brian Campbell <bcampbell=40pingidentity.com@dmarc.ietf.org>
Content-Type: multipart/alternative; boundary="0000000000008712f1061ee8c476"
Message-ID-Hash: AM52TKDRASVN3I5Y5BFNHMHTSLYXFV3C
X-Message-ID-Hash: AM52TKDRASVN3I5Y5BFNHMHTSLYXFV3C
X-MailFrom: idimaster@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "McAdams, Darin" <darinm=40amazon.com@dmarc.ietf.org>, "wimse@ietf.org" <wimse@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [Wimse] Re: Runtime costs of multiple signatures?
List-Id: WIMSE Workload Identity in Multi-Service Environment <wimse.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/wimse/SRtYbnrIdxRbhgRsdnJU0KIYTgc>
List-Archive: <https://mailarchive.ietf.org/arch/browse/wimse>
List-Help: <mailto:wimse-request@ietf.org?subject=help>
List-Owner: <mailto:wimse-owner@ietf.org>
List-Post: <mailto:wimse@ietf.org>
List-Subscribe: <mailto:wimse-join@ietf.org>
List-Unsubscribe: <mailto:wimse-leave@ietf.org>

In context of this conversation I would like to refer to Donald Knuth - "We
should forget about small efficiencies, say about 97% of the time:
premature optimization is the root of all evil. Yet we should not pass up
our opportunities in that critical 3%"
On the current stage of our work I am not convinced that hashing,
signature verification and JSON parsing are in critical 3%.

My expectation is that first working prototypes of WIP, WPT or HTTP
signature will flush out all critical performance issues. Overall
accounting on the tendency that compute is getting cheaper over time,
focusing on security properties over performance for
architectural tradeoffs can be the right strategy. History of HTTPS/TLS
adoption already proved that.

Best regards,
Dmitry



On Mon, Jul 29, 2024 at 2:58 PM Brian Campbell <bcampbell=
40pingidentity.com@dmarc.ietf.org> wrote:

> As an individual and contributor to the WIMSE Service to Service
> Authentication draft - the intention from my perspective of the s2s
> document is that there will be two things for service authentication, 1)
> the WIT and 2) either a WPT or HTTP signature. And there'd be one more
> thing (maybe a transaction token, the "original" oauth token, an "internal"
> oauth token, or something along those lines but only one such thing) that
> conveys context like the user identity and authorization situation of the
> larger request context. I do believe there are efficiency concerns here but
> hope that the slope isn't that slippery.
>
> On Wed, Jul 24, 2024 at 3:35 PM McAdams, Darin <darinm=
> 40amazon.com@dmarc.ietf.org> wrote:
>
>> I ran the numbers and we’re on the edge of what (I think) is acceptable,
>> and on a slippery slope.
>>
>> Here’s the stats. Consider 4 tokens that could become common in
>> workloads: (1) access_token, (2) WIT token, (3) WPT Token, (4) Txn-Token.
>> Based on the examples in the specs, we’re in the ballpark of ~2K bytes (25%
>> of typical 8K header space), and approaching a millisecond in processing
>> time for all the hashing, signature verification, and JSON parsing. And,
>> that’s the baseline. It would increase further with RAR, or adding richer
>> context to a Txn-Token, and so on.
>>
>> The reason I say it’s a slippery slope is because I’m observing a pattern
>> where each WG solves it’s goals by adding 1-2 tokens to a request. Viewed
>> independently, each decision is logical. Cumulatively, it leads to a
>> tragedy of the commons in terms of consuming the shared, finite space in
>> HTTP headers.
>>
>> Workloads are especially sensitive to these details due to the scale at
>> which they operate. As a result, I would raise the question whether the
>> working group’s criteria for evaluating solutions should include some
>> reasonable goals on cumulative token sizes and processing time. This may
>> lead us to consider more compact representations of tokens, or perhaps
>> mechanisms to bundle more information under fewer signatures.
>>
>>
>>
>> *From: *Yogi Porla <yogi@deeplineage.io>
>> *Date: *Tuesday, July 23, 2024 at 9:00 AM
>> *To: *"McAdams, Darin" <darinm@amazon.com>, "wimse@ietf.org" <
>> wimse@ietf.org>
>> *Subject: *RE: [Wimse] Runtime costs of multiple signatures?
>>
>>
>>
>> My thoughts and opinions Highlighted below
>>
>> *From: *McAdams, Darin <darinm@amazon.com>
>> *Date: *Monday, July 22, 2024 at 7:29 PM
>> *To: *wimse@ietf.org <wimse@ietf.org>
>> *Subject: *[Wimse] Runtime costs of multiple signatures?
>>
>> Really appreciate all the work that the design teams have put into the
>> WIMSE proposals.
>>
>> I’ve been reading the docs in preparation for the IETF meeting and
>> encountered a question I hadn’t seen discussed. The examples in service-to-service
>> tokens
>> <https://www.sheffer.org/wimse-s2s/draft-sheffer-wimse-s2s-protocol.html>
>> appear to require a total of 3 or more tokens to be validated. This
>> includes an OAuth access_token, the workload identity token, and the
>> proof-of-possession token. The proliferation of tokens will have an impact
>> on both the “bloat overhead” of each HTTP request, as well as the CPU and
>> latency cost of running 3 or more asymmetric cryptographic operations.
>> Perhaps it’s because I live in a world where a million requests per seconds
>> is normal, but I found myself asking: “What will this cost?”. Has there
>> been any discussion of the runtime costs of these proposals? It might be
>> OK, or it might not, I simply don’t know and am curious.
>>
>>
>>
>> Attached is a benchmark done by USP team who are working on the Attested
>> Claims concept,slides 8 and 9 has benchmarks for 40 aggregations using
>> schnorr concatenation and other schemes.Please note that this work is based
>> on SPIRE and has some additional claims overhead for test purposes.
>>
>>
>>
>> If this approach were pursued, audiences with efficiency concerns could
>> raise additional questions such as: Is it acceptable to cache the
>> validation results for a workload identity token so it’s not necessary to
>> re-validate the same token on every HTTP request? Or, if a particular
>> implementation has the means to do so, is it OK to distribute the token out
>> of band so it’s not necessary to pass on every request?
>>
>>
>>
>> Concept of TTLs for rotating certificates is used for SPIFFE workload
>> identities , however, note that Revalidation isn’t performed by default
>> when the certificate is issued ( note that there is a PR on SPIRE to force
>> revalidation and this is being looked into) .   In-terms of Attested claims
>> , given the nature of multiple workloads in transit ( User->  A-> B->C) and
>> the potential of claims to change per request ( for instance a Claim at
>> workload A could change based on the request), cached results may not be
>> viable.
>>
>> One other thing I noticed is that Figure 12
>> <https://www.sheffer.org/wimse-s2s/draft-sheffer-wimse-s2s-protocol.html#name-signed-request>
>> in the HTTP Message Signature example doesn’t include an Authorization
>> header with a bearer-token, as in the DPoP variation. I wasn’t sure if
>> that’s because it’s unnecessary when using HTTP Message Signatures, or if
>> this was simply a mistake in the example. I was trying to wrap my head
>> around the pros-and-cons of each option, and whether one requires fewer
>> signatures.
>>
>> -Darin
>> --
>> Wimse mailing list -- wimse@ietf.org
>> To unsubscribe send an email to wimse-leave@ietf.org
>>
>
> *CONFIDENTIALITY NOTICE: This email may contain confidential and
> privileged material for the sole use of the intended recipient(s). Any
> review, use, distribution or disclosure by others is strictly prohibited.
> If you have received this communication in error, please notify the sender
> immediately by e-mail and delete the message and any file attachments from
> your computer. Thank you.*--
> Wimse mailing list -- wimse@ietf.org
> To unsubscribe send an email to wimse-leave@ietf.org
>

v2.29.0 | Report a Bug | By Email | System Status