This a change from my earlier proposal. In the new proposal I am making the public key is not included with each event. The data included in each IMA event does not change. For instance, when IMA signature validation is selected (ima-sig template, for instance), each event will have the IMA signature (which includes the 4 Byte Key Identifier and the Signature)
1 - How is your solution - including a public key with each event - related to this issue?
2 - I don't understand how a large cloud affects scale. Wouldn't the verifier would typically be checking known machines - those of their enterprise - not every machine on the cloud?Yes - the attestation service (verifier) will be attesting only client machines known to the enterprise. But such clients could be running different versions of the OS and the kernel modules.
Can't we assume a typical attestation use case has a fairly locked down OS with a limited number of applications.
keys. But we don't want to take that approach - instead we want to verify the keys used by the client.
Like I said, it should be rare. In the worst case, can't the service tell by trying both keys?If the service is validating the signature again it can try all the
I have a new proposal as described above. Sorry if I had confused you.
I thought your solution was to change the IMA measurements, adding the public key to each entry with a new template? Did I misunderstand, or do you have a new proposal?
How does this solve the collision issue? If there are two keys with the same key ID, isn't there still a collision?Like I have said above, the client will log all the keys from the relevant keyrings (IMA, Platform, etc.) The service will verify that they are all known\trusted keys - which gives the assurance that the IMA signature validation done by the client was performed using trusted signing key(s).
I understand how the client keyring is used in IMA to check fileIn my new proposal, the keys in the client keyrings will be logged in the IMA log. The attestation service will verify that they are known\trusted keys.
signatures, but how is that related to the attestation service?