You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently the measurement reports are expensive to validate; PGP signatures are performed over the entire snapshot contents in parallel with sha512sum. It would make more sense to simply PGP sign the hashes. There was a time when I thought PGP sigs would be the only way to go but now I'm quite sure there is a vanishingly small population people even remotely interested in backup integrity at all, let alone integrity which involves PGP.
The text was updated successfully, but these errors were encountered:
Currently the measurement reports are expensive to validate; PGP signatures are performed over the entire snapshot contents in parallel with sha512sum. It would make more sense to simply PGP sign the hashes. There was a time when I thought PGP sigs would be the only way to go but now I'm quite sure there is a vanishingly small population people even remotely interested in backup integrity at all, let alone integrity which involves PGP.
The text was updated successfully, but these errors were encountered: