[messaging] Encrypted Pulic Contact Discovery
Steve Weis
steveweis at gmail.com
Thu Aug 27 19:22:36 PDT 2015
Maybe I spoke too soon. Here's a paper from UC Berkeley & Microsoft
appearing in CCS that talks about attesting a formally verified enclave
running a few different enclaves:
http://www.eecs.berkeley.edu/Pubs/TechRpts/2015/EECS-2015-162.html
Pretty interesting.
On Wed, Aug 26, 2015 at 1:41 PM, Steve Weis <steveweis at gmail.com> wrote:
> Yes, just to clarify: Remote attestation is clearly a design goal of SGX.
> I just don't think they've built example code or tools for it yet. I don't
> think the Linux SDK has even been kept up to date.
>
> On Wed, Aug 26, 2015 at 1:31 PM, Justin King-Lacroix <
> justin.king-lacroix at cs.ox.ac.uk> wrote:
>
>>
>> SGX is a really big step both because Intel has actually issued the
>> equivalent of endorsement/platform credentials, so it's usable on the open
>> Internet, and because it measures user-level code, which is what most
>> applications of RA actually care about. (In fact, the partial isolation of
>> the enclave code from the OS means the remote party often doesn't need to
>> care about what OS is running.)
>>
>> I'm really not convinced RA is an afterthought for SGX. Intel have been
>> talking about it from the get-go.
>>
>> On 26 August 2015 at 17:20, Steve Weis <steveweis at gmail.com> wrote:
>>
>>> With SGX, remote attestation is possible but seems like an afterthought
>>> right now. My understanding is that Intel expects someone to write an
>>> attesting enclave that will handle attesting peer enclaves. I don't know of
>>> any attestation enclave implementation or tooling around it that exists yet.
>>>
>>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20150827/02200ebc/attachment.html>
More information about the Messaging
mailing list