[Rats] Draft-charra's use of RPC to retrieve log entries may have a potential scalability issue
"Panwei (William)" <william.panwei@huawei.com> Thu, 04 June 2020 09:00 UTC
Return-Path: <william.panwei@huawei.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 183E03A092D; Thu, 4 Jun 2020 02:00:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 3.101
X-Spam-Level: ***
X-Spam-Status: No, score=3.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, GB_SUMOF=5, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KxdYPRwQJdDC; Thu, 4 Jun 2020 02:00:41 -0700 (PDT)
Received: from huawei.com (lhrrgout.huawei.com [185.176.76.210]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7FB6B3A092A; Thu, 4 Jun 2020 02:00:41 -0700 (PDT)
Received: from lhreml721-chm.china.huawei.com (unknown [172.18.7.108]) by Forcepoint Email with ESMTP id 174E7868855DE9E0269F; Thu, 4 Jun 2020 10:00:40 +0100 (IST)
Received: from nkgeml708-chm.china.huawei.com (10.98.57.160) by lhreml721-chm.china.huawei.com (10.201.108.72) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1913.5; Thu, 4 Jun 2020 10:00:39 +0100
Received: from nkgeml705-chm.china.huawei.com (10.98.57.154) by nkgeml708-chm.china.huawei.com (10.98.57.160) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1913.5; Thu, 4 Jun 2020 17:00:36 +0800
Received: from nkgeml705-chm.china.huawei.com ([10.98.57.154]) by nkgeml705-chm.china.huawei.com ([10.98.57.154]) with mapi id 15.01.1913.007; Thu, 4 Jun 2020 17:00:36 +0800
From: "Panwei (William)" <william.panwei@huawei.com>
To: "draft-ietf-rats-yang-tpm-charra@ietf.org" <draft-ietf-rats-yang-tpm-charra@ietf.org>
CC: "rats@ietf.org" <rats@ietf.org>
Thread-Topic: Draft-charra's use of RPC to retrieve log entries may have a potential scalability issue
Thread-Index: AdY6N8erjNrQvOn7QaWCyoBB751rHw==
Date: Thu, 04 Jun 2020 09:00:36 +0000
Message-ID: <e530b721709c438fa8db6a7cb5813ef2@huawei.com>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.138.33.152]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/qFq91oujxykEqBGYIW3N8ljaN68>
Subject: [Rats] Draft-charra's use of RPC to retrieve log entries may have a potential scalability issue
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Jun 2020 09:00:43 -0000
Hi authors, When I reviewed the YANG module defined in this draft, I noticed that the log is retrieved by using RPC, which I think there may be a scalability issue. The draft now defines two types of logs: bios-event-logs and ima-event-logs, both of them are designed to be retrieved by RPC. I don't know whether the bios-event-logs will have too many entries, but I think ima-event-logs do have the possibility. The IMA measures the files in the device, calculate their hash values, and extend the hash values into the PCRs. For the ima-event-logs, it records all the files measured by IMA, including the file name, hash value, pcr-index, etc. Therefore, it's easy to see that the size of the IMA log is proportional to the number of the measured files. When there is a large number of files in the Attester that need to be measured, the number of log entries can also be significant. The problem can be much more severe in the Composite Devices, i.e., a Composite Device contains multiple Attesters, then the total amount of log entries is the sum of all files of all Attesters. The log size is uncertain, it may consist of only a few entries, but it also may exceed tens of or even hundreds of megabytes. When the log size is large, it's inappropriate of transferring the log by messages like using NETCONF RPC. Because sending the log can take up a lot of bandwidth, and other features using the same NETCONF connection will be affected. I think other mechanisms need to be considered here, maybe using a separate protocol to transfer the log. So what do you authors think? Is this a reasonable problem needs to be addressed? Regards & Thanks! Wei Pan
- [Rats] Draft-charra's use of RPC to retrieve log … Panwei (William)