On 6/6/19 5:44 AM, Mimi Zohar wrote:
Instead of measuring all the files in policy, Roberto's "digest lists" proposed patch set measures only "unknown" files. Why bother with all those messy measurements?!
I agree. But in our use case scenario, we want the attestation service to know who signed the system files and leave the task of validating the file signature to the clients.
Essentially, in our approach we are measuring the "signer".
In your use case scenario, will the measurement list only contain the builtin and secondary keys?

Mimi
In my implementation I am measuring the builtin keys. Since any key added to the secondary keyring also needs to be signed by a key in the builtin keyring, I feel measuring only "builtin keys" is sufficient.
But I am open to the suggestion of measuring secondary keys as well. Please let me know if you think that is a must.
Thanks,
-lakshmi