On 12/11/2017 3:26 AM, Roberto Sassu wrote:
> I meant that when a Verifier attests unknown Requestors, likely delta
> reports cannot be used.
Is there a real use case for "unknown requesters"? Unless the verifier
knows the requester's public key, it can't verify the quote.
I conclude that a requester is always known - by its unique public key.
3 - All implementations I know of use some database for the verifier.
It already has to hold public keys, error reports, etc. Adding one
more integer - the number of events in the last report - isn't hard.
I have open source sample code that does all this already.
> With OpenAttestation 1.7 (which supports IMA), I noticed some delays.
> But, as you said, performance can be improved.
I can't speak for that code. But my sample code supports incremental
event logs. The implementation was not trivial, but it wasn't overly
complex.
The real gain is not the event log transmission time. That's
unmeasurably small. It's mostly validating the IMA signatures, and
partly reconstructing PCR 10.
We've already seen logs with 60K events (events, not bytes). You don't
want to walk that log every time, especially when one verifier starts
supporting 1000s of requestors.
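As an added illustration (not the sample code mentioned in the thread), a Python sketch of the incremental PCR 10 reconstruction described above: the verifier keeps the event count and PCR value from the last validated report and only walks the events added since. Event hashes, file names and the reboot fallback are constructed assumptions for the example.

```python
import hashlib
from dataclasses import dataclass

# IMA extends each measurement into PCR 10 as: new = SHA1(old || template_hash).
INITIAL_PCR = b"\x00" * 20

def extend(pcr: bytes, template_hash: bytes) -> bytes:
    return hashlib.sha1(pcr + template_hash).digest()

def replay(events, start_pcr=INITIAL_PCR) -> bytes:
    """Walk a list of IMA template hashes and return the resulting PCR value."""
    pcr = start_pcr
    for h in events:
        pcr = extend(pcr, h)
    return pcr

@dataclass
class VerifierState:
    """Per-requester state in the verifier database (the 'one more integer')."""
    count: int = 0              # events already validated in earlier reports
    pcr: bytes = INITIAL_PCR    # PCR 10 value after those events

def verify(state: VerifierState, quoted_pcr: bytes, log: list) -> tuple:
    """Check 'log' against the quoted PCR 10, walking only events not yet seen.
    Returns (ok, events_walked). Assumption: a log shorter than the stored
    count means the requester's log restarted (reboot), so replay it fully."""
    if len(log) < state.count:
        start, base = 0, INITIAL_PCR
    else:
        start, base = state.count, state.pcr
    walked = log[start:]
    pcr = replay(walked, base)
    if pcr != quoted_pcr:
        return False, len(walked)   # mismatch: do not advance the stored state
    state.count, state.pcr = len(log), pcr
    return True, len(walked)

# Constructed IMA log: template hashes standing in for five measured files.
LOG = [hashlib.sha1(f"/usr/bin/tool{i}".encode()).digest() for i in range(5)]

def demo():
    state = VerifierState()
    first = verify(state, replay(LOG[:3]), LOG[:3])  # initial report: walks 3
    second = verify(state, replay(LOG), LOG)         # delta report: walks only 2
    real6 = hashlib.sha1(b"/usr/bin/tool6").digest()
    fake6 = hashlib.sha1(b"/usr/bin/other").digest()
    # Quote reflects real6 but the presented log substitutes a different event.
    third = verify(state, replay(LOG + [real6]), LOG + [fake6])
    return first, second, third, state.count
```

The delta step trusts the prefix it has already validated, so the per-requester state must only be advanced after a successful match.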