On Wed, Sep 6, 2023 at 4:21 PM Ken Goldman <kgold@xxxxxxxxxxxxx> wrote:
> On 9/1/2023 5:20 PM, Tushar Sugandhi wrote:
> > On 8/30/23 11:06, Ken Goldman wrote:
> >> On 8/1/2023 3:12 PM, Sush Shringarputale wrote:
> >>> In addition, a large IMA log can add pressure on the network
> >>> bandwidth when
> >>> the attestation client sends it to remote-attestation-service.
> >>
> >> I would not worry too much about network bandwidth.
> > Our bandwidth concerns are about a scaled-out system.
> >
> > When IMA log size increases in the range of megabytes, and when the
> > number of client devices increases, it makes an impact on the overall
> > network bandwidth.
>
> It should not, because the client only sends new measurements. It only
> sends the entire list once per boot.
>
> Does a megabyte matter in a modern network? As for overall performance,
> a megabyte may take 10 msec, while the TPM quote could take 1000 msec,
> and verifier hash and asymmetric signature checks are also slower.

I think there are two issues here: the first is the attestation methodology, the second is simply the size of the deployment.

There is rarely just one answer to a question, and in the case of remote attestation I believe that holds true. Sending some delta of measurements to a remote node performing attestation does reduce the amount of network traffic, but it does add an additional burden of state tracking to the attestation node. Sending the full measurement log decreases this tracking burden, but it does result in more network traffic. Arguably the "best" choice is likely going to be dependent on a number of complex factors, including the size and complexity of the deployment.

However, the snapshotting work is not about managing network traffic, it is about mitigating an unbounded memory buffer that has been causing problems in at least one real-world deployment.

The IMA measurement log snapshot is designed to allow an admin, or some other privileged entity, to checkpoint the log and trim the old entries in such a way as to preserve the ability to perform a meaningful attestation without having to maintain the entire measurement log in a memory buffer.

-- 
paul-moore.com
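The trade-off discussed above (deltas save bandwidth, but the verifier must then keep per-client state; the full list is sent once per boot) as an added example that is not code from this thread or from the IMA patch series. It assumes a simplified model: a single SHA-256 PCR bank, a TPM quote reduced to the bare PCR value with signature checking omitted, and constructed client names, boot ids and log entries.

```python
import hashlib
from dataclasses import dataclass

PCR_SIZE = 32  # SHA-256 bank; a freshly reset PCR reads as all zeros


def extend(pcr: bytes, template_hash: bytes) -> bytes:
    """TPM-style extend of one IMA entry: new = H(old || template_hash)."""
    return hashlib.sha256(pcr + template_hash).digest()


def replay(start_pcr: bytes, entries: list[bytes]) -> bytes:
    """Replay a run of measurement log entries on top of a known PCR value."""
    pcr = start_pcr
    for template_hash in entries:
        pcr = extend(pcr, template_hash)
    return pcr


@dataclass
class ClientState:
    boot_id: str                      # which boot the tracked log belongs to
    count: int = 0                    # entries already replayed for this boot
    pcr: bytes = b"\x00" * PCR_SIZE   # replayed PCR value after those entries


class DeltaVerifier:
    """Accepts the full log once per boot, then only new entries (deltas)."""

    def __init__(self) -> None:
        # This table is the state-tracking burden a delta scheme places on
        # the attestation node; a full-log scheme would not need it.
        self.clients: dict[str, ClientState] = {}

    def ingest(self, client: str, boot_id: str, start: int,
               entries: list[bytes], quoted_pcr: bytes) -> tuple[bool, str]:
        st = self.clients.get(client)
        if st is None or st.boot_id != boot_id:
            # Unknown client or a reboot: PCRs were reset, so we need the
            # whole list from entry 0 before any delta can be trusted.
            if start != 0:
                return False, "new boot: full log required"
            st = ClientState(boot_id)
        elif start != st.count:
            # Gap or re-sent delta: replaying it would desynchronise the PCR.
            return False, "delta does not continue from last entry"
        pcr = replay(st.pcr, entries)
        if pcr != quoted_pcr:
            return False, "replayed PCR does not match quote"
        st.count += len(entries)
        st.pcr = pcr
        self.clients[client] = st
        return True, "ok"
```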