SecAD review: figure 3

[mcr]

Archived-At: https://mailarchive.ietf.org/arch/msg/rats/8zFV_R7aFkCQxuzw0ljjh9tfamQ

#1 Figure 3

I cannot make sense of Figure 3. I understand the text in Section 3.2, so it
might not matter. But for instance the figure does not show to me at all that
the bootloader attested the kernel.

#2 Dark sides

Obviously, this architecture can be misused for bad things. It might be nice to
have a section on this as per RFC 8280, but I am also not sure what to say
other than "don't use this to restrict people based on discriminatory features".