[Wimse] Re: Runtime costs of multiple signatures?
Justin Richer <jricher@mit.edu> Fri, 26 July 2024 15:15 UTC
Return-Path: <jricher@mit.edu>
X-Original-To: wimse@ietfa.amsl.com
Delivered-To: wimse@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 69B92C1D4CF4 for <wimse@ietfa.amsl.com>; Fri, 26 Jul 2024 08:15:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mit.edu
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Gurdb1gLDW51 for <wimse@ietfa.amsl.com>; Fri, 26 Jul 2024 08:15:00 -0700 (PDT)
Received: from BN8PR05CU002.outbound.protection.outlook.com (mail-eastus2azon11021099.outbound.protection.outlook.com [52.101.57.99]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2CF1EC1D4CE5 for <wimse@ietf.org>; Fri, 26 Jul 2024 08:14:57 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=goTmRApFJODO8NRUJGtg/7nfELlBWxY65YmdjIiEkl7AnY7mMwlIhcxpCx4RijqsqiM2uRHU4zuxCF3wTG1uTD+kIXNRt5a+t54fNrCNg1fHVCC3+p/1vCfpSEAVk0QBVI0ozyXULMpy8hbZ6ikux2F4q0bxLA0sS4niB9DFgfWwhjFnY7/7czTwQvGCVekY16WSvGjRo+TrkKZpHuwMmermTt8VhmqHZvc+stra5s9tjoACUodgAO1vibnd8Cp0j//W6re28x0dOUMTsB4gvqvUPoh2J6hxRXilXKqEe5lu4nbtagbpq61pU7u83BNRTVDX0fjOX2exaarWmKiOEQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=33ZNYMs0GLgzDVm81us2XxHdgxhCkto/8LGXBRCaPhQ=; b=hg5flXhOv4hV1DSKGYzbI01NZ1vcQA8dnRjHag1s0Dj0uLpYeFQdeD5e1hp6I9HgIMce/sn8l8DjGyDg5Tnok6XJM1gNZ5xhugMsdu4iWfaRgi84xeLiD1uL8iQeDG0HVdkUMlFYmZ54Gvo40NHFiuPRNWj0BfVZTtjw1suE+Rf0jrkp36QfnOUSXwSHG1UWVtImNpnjba6zujXHw8aPWoZ6XFuu4VYyYwy8zdJY6Al051oSHscruUzCuoVXa/HwW1qEUs6mXtbO680igeR5hcTR01YAO1sEkzOA1NFaI7ZtcAl6rhx6kRYqkP+SA76/Qz2kg5KiDhF1ZRnRlU35ng==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=mit.edu; dmarc=pass action=none header.from=mit.edu; dkim=pass header.d=mit.edu; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mit.edu; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=33ZNYMs0GLgzDVm81us2XxHdgxhCkto/8LGXBRCaPhQ=; b=aa+RmlHSfdCLICndi0ccHkEllQeOvc0BOuqG/paucDOXs2WL+aTW0xGdb1/ktQMvFzwGkyvWd0TPRVrqU4x42KnqLzoegbQzWdh4ZycAK0wWLCa9n2FhW6gf1lO17Tsxf7wUKdNQdAqK3lIHH5JTPb8ZEW5f0xqruaUcxb15xBc=
Received: from LV8PR01MB8677.prod.exchangelabs.com (2603:10b6:408:1e8::20) by CH7PR01MB8787.prod.exchangelabs.com (2603:10b6:610:24d::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7784.32; Fri, 26 Jul 2024 15:14:53 +0000
Received: from LV8PR01MB8677.prod.exchangelabs.com ([fe80::e7d6:999:270f:a820]) by LV8PR01MB8677.prod.exchangelabs.com ([fe80::e7d6:999:270f:a820%6]) with mapi id 15.20.7784.017; Fri, 26 Jul 2024 15:14:53 +0000
From: Justin Richer <jricher@mit.edu>
To: "Dean H. Saxe" <dean@thesax.es>, "McAdams, Darin" <darinm=40amazon.com@dmarc.ietf.org>
Thread-Topic: [Wimse] Re: Runtime costs of multiple signatures?
Thread-Index: AQHa3hFEGHao6rmdG02W1JuMca7iHrIGcjGAgAG9FQCAANrxgIAAFIRe
Date: Fri, 26 Jul 2024 15:14:53 +0000
Message-ID: <LV8PR01MB8677E34DCC718737A80E0F2BBDB42@LV8PR01MB8677.prod.exchangelabs.com>
References: <9EFDE84B-77A9-4CB8-8E10-96D6305FD42A@amazon.com>, <CACsn0cnNQZFV3xefxCOGXKVhD6LNjSovap-39=r-jd7-r1VG-A@mail.gmail.com> <89478A9C-609B-4A7B-B310-382B9F3565D4@amazon.com> <CAPzg_DfUHOg7jRArH_GgTp9KEMKkrj446fFxXYZ7kHbv5L8PqQ@mail.gmail.com>
In-Reply-To: <CAPzg_DfUHOg7jRArH_GgTp9KEMKkrj446fFxXYZ7kHbv5L8PqQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=mit.edu;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: LV8PR01MB8677:EE_|CH7PR01MB8787:EE_
x-ms-office365-filtering-correlation-id: 2ec27e15-b376-4b29-b476-08dcad85b38e
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|1800799024|4022899009|366016|376014|38070700018;
x-microsoft-antispam-message-info: TqUp2PomJbNi6z98kwZlQtuFIXQIieMMT1eCT4km8Lh8e4vIRym7Qjbo0DCY7GoqlozJZ5YHON87rOhTLjrtdzazuyQNKmrEgPtzwFAGaHyW8jYMfpF10p262NaeJPc07HlibipkAKEzolR38rJzkwuMYd5j94FSEOtYoVHGBTB9bzNBejyw2+PRF2WNBEe9lmO3UNUIH5PeeTreD9Q6XCDGoEjKtv8oWTlDpfqf+/uVIj7Qx1NkB22iA7ZUeWK8YmTqfQdiiAUlkrGNiRvogzigRXvfqYscRAPHxUoV5HajqjYXcl3guNDAJAnQn+a/Z/CQgXXKKcyZVYqEUBSDzKcvcplietZPr+687w0C1tvoz3WuO/ywB6RkPvfxWj8Gpp2oA9N9Xh74vqx2btaCR8ttmdbSfFkKxrX0vbEgvUwMC2uA9+gJgr/cWxkHPXcGGu0gJYtzeQ9I4GQv6pKmK0CHZUlYtkDDedgR4rtIYnVcrGsEAS4G7fy7IjZDHkKNltLOOpG5kwZ8ygKU3jkvdt3rHKjCUSZS6XuNf16CD0FX0Tc7AZUA+WW/mF8A9+kSwCeeaGX+JtnYUuaJBhhYUPBzbxK+j0T6q8JMZKi3iw9NfWVAXiOF0hQX9DzJzisxnPKhcklDyArwlC1Xjc/BIbXpj7MygFCdNzBIxdBfCmm3He49T3IHx0N4pzRh0iZDCp/DaumR0/ExVZaX/h7w6iLcQEbyGkCw5LkVbbuGuFczIYc/GeWlDZ8cajcaqNRUBNkEsBS31Fdg/kPUFrYlJXZMrj3gve+BWph/J4UYCYiCs5DJ8upA98cp8pG8gjpmTBUG1bUHNr/Xlhe2qw+4OlYw0XhmsWS+ugofnUElOHoZpgLMpYl5/AyxiHgiAAuxJN+TOCybdCJkpZfhTz3YT/DtPNel/cmk+cFWvocZatNLHQU9bHFkQ5ySQmmNqBXnBdagB8saAC43hDv54aIAgMGkPIW/1UVmgvwS5SSIoCEPpWifCMJkvfwGOJ4TIuzW74rkJwaKD+zbiJyCKk5Cf05Jnho8fGDJdklqVSGJbRIprUTV/wsvTYl0EHQKW14MNZDPr6cW7roII2WO39NNftjkLFjoKsmODtPPDswamO2PeUh4IozGE1xE78/fg0Wh2vdxlXx5fdKzOBxX2CW+NIARiFWoBWiovLMnsqY9w1Ct4LcPjh1Gh06Ei9lrK8Zf9xEy4FMga3Ot3fGfEmIyN0sM+mQzhWc1Alhxztee5JUU5b1oVdkaWc+J3WVKyLO/VRmRRglBwUEwvP/SVcWlhJ0LYk/AhYilikoL9l39QmZIpopgL0zZoWU5AAfzkTLFjelIqqVFQ7zqmnfmvEE5iRpytyE2hBgQ/MH9arqoAKg=
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:LV8PR01MB8677.prod.exchangelabs.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(4022899009)(366016)(376014)(38070700018);DIR:OUT;SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: xOF8M7FG8gTrUBFqicLWH4uv1nd/DfheT+YoHWzIeiGUiEWchSzr/s/wfbfq143C7udo7VwULbJ04ws548VhLz52HJ/psTZY4uYXgrmPrOFKy8IqItSqFgnE4UoP/PLuPh6tiSrc+ySRYAtfW9/AmOiCB25PjFCBVtClL4hcFTopbNmdaUAVxxHPEoqpd9FAXwLCvSmYDSgImlKMBqzuva4ONM3QIe+e59PcGlWLvvi6U9OwEWkq1rWwuSd7kYIbBrJqXDHXpu7bJ6HqAi3yCN4HehIq7LaAlogeiQSNYjyrTSRxM5dsa0r9DEC3m4k5TPXbSvMrabyQ15yVRwC/1xvPhuo0oPU2Md/8dAkKphoiQc838L3tp3+VC5o2eUImqLf4P+Ls3//zAD10L6qmFa/Ra7BRyjZg2ig2mEPyp4sfZjS4TAJbnCyiboUikTQp++39Ja+ao9+HnIriFISzJiAINgfTZQW2EYSWGsdYIRLdlXNYnFmiXp7pL+Xk5IYLpLbej2gXbYJtWFUwrV3XnFLlHtQ1ihjem8Wm6NTqtcrwvI+OMFE3FkBSFI3GM27bBaUbClkkpcZ109wl15i7n4V1l7ZK/+JMGqjsgN9Pozlke0LH4D4YgHYP6yq/wAymgihXasnb/XVhvGyYW50kmTgKfmhxFeZE1FHOaczg/OFMIPNgMDPY0mxhUXaqwjrdpaKRIiqoIxH/omJQeyJ9aKX8v06lz94SPBdpZG0Hqb40ktp5GK/ASH9SwyMAxsK+WxNXt+MxTvqe3J3PdtJOekge8OAdiJABZaxCx/u9j4447clR1CrBFUNtYH+VDl8B4nx7y2G1zTVAwOjh4TCjCDFqxfM1LygGT9LS8LKT4LRHa0ksuAv7u2QqY1FPV8SSyU04e/zPziWJhqSEKKPEmvphHSPXNU3F1VLEFdAg1oOtuTPVK91km/G1Y3gzqDrBd38iYq6485i6dxXX8vbkU6kx4SGnEqXgIwUV3QLwThw2vlUNjPt6wBLCiH0rG6SyaQLq071J88IgWhIhgMbEk4cn7o17PUtnWvlAOo4HMI9pdbnjWTESUHBODg01BGSApsR66TSHLzl1zyBT/C2zOYceNLRJM8Ne7LK6Rc7wUIXMveX7OcNOY8KU3rvWlHQj0wLZBihgbzitZsn4U2NOBBb/4yU6UKQwFbH0pZg1O0gVKc8GYW+7BCUlYMScnkkgbp0C4Jrke44+1qiGewCd/BuBqE27k3q3F5YUSgr+O8LnkDkm21g04TAUYvBjTsK51HsaEHIuNYB/Nqj0+Hzd1RNUS7B44nIp+wSG6kT527tuou1ZPh9tA/ii+mcQiCSVtAcsQKv8oNT123iV047KT8GhYWIIEd202q+3qT5t1hNmksqGNaCCx+NrFC55Q3u2JuV2EAnhdNT/2+4r7p80GdMI0pMhrCWYx4wtDqRQFU/Fa5iZp8TxTAcgrpT5Zn0udC9iF79TKe/kWQPL+lghiUiRnp0CLbHXSZwJNNC7Tmcu3DA0QJpiwAnO9HKH2ik1eHuH2aiGImvuRJgCrOtjOxWsgrnzr0zn3Y+d1+w7I8S5I1cyZk9L1hswvIHVNBzsLYjfho8bMT95ouM9WOXnS83PQSgQzWweNBosPHUthY8=
Content-Type: multipart/alternative; boundary="_000_LV8PR01MB8677E34DCC718737A80E0F2BBDB42LV8PR01MB8677prod_"
MIME-Version: 1.0
X-OriginatorOrg: mit.edu
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: LV8PR01MB8677.prod.exchangelabs.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 2ec27e15-b376-4b29-b476-08dcad85b38e
X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Jul 2024 15:14:53.3972 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: jnuavtd939x4N+dpx3h7GAs9v/MxHg1ovyhRjh/mUAza8vO22eIdGEX/BNmv97zF
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH7PR01MB8787
Message-ID-Hash: ROWD5UHOSHHKPEBANZ5CVVTD634NLUSN
X-Message-ID-Hash: ROWD5UHOSHHKPEBANZ5CVVTD634NLUSN
X-MailFrom: jricher@mit.edu
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "wimse@ietf.org" <wimse@ietf.org>, Watson Ladd <watsonbladd@gmail.com>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [Wimse] Re: Runtime costs of multiple signatures?
List-Id: WIMSE Workload Identity in Multi-Service Environment <wimse.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/wimse/icLHLir2-zPQNkrW7aalNYEb6o4>
List-Archive: <https://mailarchive.ietf.org/arch/browse/wimse>
List-Help: <mailto:wimse-request@ietf.org?subject=help>
List-Owner: <mailto:wimse-owner@ietf.org>
List-Post: <mailto:wimse@ietf.org>
List-Subscribe: <mailto:wimse-join@ietf.org>
List-Unsubscribe: <mailto:wimse-leave@ietf.org>
Chair hat off, architect hat on. Embedding a token into another token really just hides the problems more than anything. We've seen this with deployments that wrap jwts into other jwts: the top layer might be quicker but now you've got to deal with unwrapping the underlying pieces. Then it's decode, parse, validate, decode again, and so on. Tokens, by their nature, are self contained, and I think our community jumps to them as a convenient data container too quickly. I do think there's room to consider other structures, like for example the graph structure I hand wave at in https://datatracker.ietf.org/doc/html/draft-richer-wimse-token-container-00 - the contents of each bucket don't need to be tokens nor do they even need to be internally signed. The graph structure provides an overall cryptographic capability that individual tokens don't, and it allows changes (especially additive ones) without wrapping. Tokens have their place but when they start to multiply, I think we do need to ask if it's the right structure. - Justin ________________________________ From: Dean H. Saxe <dean@thesax.es> Sent: Friday, July 26, 2024 9:53 AM To: McAdams, Darin <darinm=40amazon.com@dmarc.ietf.org> Cc: wimse@ietf.org <wimse@ietf.org>; Watson Ladd <watsonbladd@gmail.com> Subject: [Wimse] Re: Runtime costs of multiple signatures? Darin, I see this as a combination of the existing use cases in https://datatracker.ietf.org/doc/draft-rosomakho-wimse-tokentranslation-reqs/? Specifically use cases 1, 2, and 4: token format change, token encoding change, and embedding one token in another. The tokens would still have to be processed at least once to make these transformations in order to reduce the processing overhead down the call stack. Embedding may not be exactly what’s required, perhaps there’s an additional use case to consider that enables bundling or combining tokens. I’ll author a PR to add this use case. -dhs -- Dean H. Saxe dean@thesax.es<mailto:dean@thesax.es> On Jul 25, 2024 at 5:49:44 PM, "McAdams, Darin" <darinm=40amazon.com@dmarc.ietf.org<mailto:40amazon.com@dmarc.ietf.org>> wrote: ECDSA 256 verification is a part of it. There’s also multiple invocations of a JSON parser to get at contents of the JWTs, and other overhead. On Jul 24, 2024, at 3:17 PM, Watson Ladd <watsonbladd@gmail.com<mailto:watsonbladd@gmail.com>> wrote: CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe. > On Wed, Jul 24, 2024 at 2:35 PM McAdams, Darin > <darinm=40amazon.com@dmarc.ietf.org<mailto:40amazon.com@dmarc.ietf.org>> wrote: > > I ran the numbers and we’re on the edge of what (I think) is acceptable, and on a slippery slope. > > Here’s the stats. Consider 4 tokens that could become common in workloads: (1) access_token, (2) WIT token, (3) WPT Token, (4) Txn-Token. Based on the examples in the specs, we’re in the ballpark of ~2K bytes (25% of typical 8K header space), and approaching a millisecond in processing time for all the hashing, signature verification, and JSON parsing. And, that’s the baseline. It would increase further with RAR, or adding richer context to a Txn-Token, and so on. > > The reason I say it’s a slippery slope is because I’m observing a pattern where each WG solves it’s goals by adding 1-2 tokens to a request. Viewed independently, each decision is logical. Cumulatively, it leads to a tragedy of the commons in terms of consuming the shared, finite space in HTTP headers. > > Workloads are especially sensitive to these details due to the scale at which they operate. As a result, I would raise the question whether the working group’s criteria for evaluating solutions should include some reasonable goals on cumulative token sizes and processing time. This may lead us to consider more compact representations of tokens, or perhaps mechanisms to bundle more information under fewer signatures. ECDSA 256 is 53 microseconds to verify on my mac according to openssl speed. 4 of them is 212 microseconds. Where is the other 700 microseconds coming from to get to a millisecond/can we fix this by using more compact formats? Sincerely, Watson -- Astra mortemque praestare gradatim -- Wimse mailing list -- wimse@ietf.org<mailto:wimse@ietf.org> To unsubscribe send an email to wimse-leave@ietf.org<mailto:wimse-leave@ietf.org>
- [Wimse] Re: Runtime costs of multiple signatures? Yogi Porla
- [Wimse] Runtime costs of multiple signatures? McAdams, Darin
- [Wimse] Re: Runtime costs of multiple signatures? McAdams, Darin
- [Wimse] Re: Runtime costs of multiple signatures? Watson Ladd
- [Wimse] Re: Runtime costs of multiple signatures? McAdams, Darin
- [Wimse] Re: Runtime costs of multiple signatures? Dean H. Saxe
- [Wimse] Re: Runtime costs of multiple signatures? Justin Richer
- [Wimse] Re: Runtime costs of multiple signatures? Dean H. Saxe
- [Wimse] Re: Runtime costs of multiple signatures? A.J. Stein
- [Wimse] Re: Runtime costs of multiple signatures? Brian Campbell
- [Wimse] Re: Runtime costs of multiple signatures? Dmitry Izumskiy
- [Wimse] Re: Runtime costs of multiple signatures? Yaron Sheffer