morty@home

I’ve been playing around with some ideas for WSE and attributes lately. This is how my WSE enabled method looks right now. And before you start screaming about policy; there we’ll be some rationale coming.

[WebMethod]
[WseProfile(“Default”), WseX509Security]
public void MySecureMethod(int x, int y)
{
   ...
}

I have been selected as a Microsoft Regional Director for the year 2004. The program has a group of some of the smartest industry minds today, and I am honored to be a part of it.

From the Microsoft Regional Director website:

Regional Directors aren't Microsoft employees--they're independent developers, architects, trainers, and other professionals who provide a vital link between Microsoft and the developer community.

Clemens Vasters, a fellow RD and a good friend, has a nice post outlining what it means to be an RD.

I read and hear that increased performance is one of the primary reasons for employing secure conversation instead of PKI and X509 certificates. Usually these statements are based upon the fact that PKI encryption is relatively slow. This becomes a problem when large amounts of data are involved because the encryption algorithm used with X509 certificates is not a block cipher.

I am not going to give an exhaustive explanation of how block ciphers work, but just note that they scale very well as it’s usually just the first block that is encrypted and then a chaining algorithm is applied to transform the next blocks based on the encrypted output of the first block. The asymmetric algorithm used by X509 certificates splits the data up into chunks of the maximum allowed size and then encrypts each one of them before chaining the encrypted blocks together. Moving back to the topic at hand I would like to shed some light on the statement about performance and secure conversation.

If you use an X509 certificate to encrypt a message using WSE a symmetric key is generated. This symmetric key is then used to encrypt the specified parts of the message. Finally, it is this session key that is encrypted with the X509 certificate. This means that the asymmetric PKI encryption is only used to encrypt a small key, and never the entire document. As a result, the scalability of the asymmetric PKI encryption isn’t really a big performance issue when used in this way.

There is an overhead involved in generating and encrypting a new symmetric key for each message, but how this affects the overall performance of your system depends upon your architecture and distribution. I would think it would be a non-issue for most internet-based applications.

There is of course also an overhead involved when initiating a secure conversation as trust must be validated and the session key must be generated and distributed. As a result, the amount of messages exchanged within each conversation becomes an important factor when deciding on the performance impact.

If you don’t need client authentication you may also use the secure conversation session key to ensure integrity, and that will shave some cycles off using X509 certificates for digital signatures.

There are in other words performance concerns when using either one of these security strategies, and which one is the fastest depends upon your architecture and usage patterns.