10:48 <andi-> The amount of delay of the NVD/MITRE latency is making me a bit angry... I am tempted to invest into scraping various websites and mailing lists :/ only after the bare thing is working tho..

19:44 <andi-> What kind of benefit would we get from also tracking staging(-next) and the -small branches? Is that of any value? I have a few pros and cons myself.

20:23 <MichaelRaskin> For those who — like me — glanced at https://foreshadowattack.eu/ and decided «Ah, Meltdown-SGX»: the attack claims to extract the CPU's signing key for remote attestation, which would include complete breakdown of SGX remote attestation for all the currently deployed silicon.

22:15 <andi-> I don't know what one should do besides shrugging and going with other broken hardware from other broken companies... I mean at this stage there isn't much you can do besides hoping that intel provides fixes/replacemnets or buy new. Pretty sad.

22:24 <MichaelRaskin> Well, apparently you also should just know that this generation of remote attestation of deployed code is plainly broken

22:25 <MichaelRaskin> I think AMD had some completely different problem that also breaks trust in remote attestation

22:35 <andi-> I vaguely remember a discussion 1 or 2 years back where I questioned the whole idea... I just lost trust in technology :/

22:38 <MichaelRaskin> I remember the discussions of «Object Storage» that people on LKML declared a bad idea because people who mess up RAID1 should not be asked to implement something actually complex.