We need to implement a new experimental example called Proxy Attestation Service.
Proxy Attestation Service works as a Certificate Authority for TEE applications. It attests applications and creates signed certificates for TEE applications, which they use to create TLS connections with clients.
The work cycle of the proxy is represented in 2 stages.

First stage corresponds to the backend server attestation:
- TEE application connects to the proxy
- Proxy attests the application using a corresponding remote attestation protocol
- Application sends the proxy a certificate signing request that contains TEE measurements
- Proxy signs it using its private key and sends the signature back to the application

Second stage corresponds to the client connection:
- Client remotely attests the proxy using a corresponding attestation protocol
- Proxy sends the client its root certificate
- Client trusts that this is a correct certificate, since it was sent via a secure channel created during the attestation process
- Client connects to the application using TLS, and the application uses a TLS certificate previously signed by the proxy
- Client checks that the certificate was signed by the root certificate and establishes a secure connection
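
Added example (not code from the Oak project) of the two stages above: the proxy signs a CSR only when its measurement extension equals the attested value, and the client checks the issued certificate against the proxy root. The extension OID, the names, the fixed serial numbers and the `attested` argument standing in for the remote attestation result are assumptions made for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
	"math/big"
	"time"
)

// Hypothetical private OID for the TEE measurement extension (an assumption, not Oak's).
var oid = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, 1}
func must[T any](v T, err error) T { // panics on setup errors to keep the example short
	if err != nil {
		panic(err)
	}
	return v
}
// SignCSR (proxy, stage 1) signs only a validly self-signed CSR whose measurement equals the attested value.
func SignCSR(root *x509.Certificate, key *ecdsa.PrivateKey, csrDER, attested []byte) ([]byte, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil || csr.CheckSignature() != nil {
		return nil, errors.New("invalid CSR")
	}
	for _, e := range csr.Extensions {
		if e.Id.Equal(oid) && string(e.Value) == string(must(asn1.Marshal(attested))) {
			leaf := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: csr.Subject, NotAfter: time.Now().Add(time.Hour), ExtraExtensions: []pkix.Extension{e}}
			return x509.CreateCertificate(rand.Reader, leaf, root, csr.PublicKey, key)
		}
	}
	return nil, errors.New("CSR measurement does not match attestation")
}
// Flow runs application -> proxy -> client with constructed values; nil means the client accepted the certificate.
func Flow(reported, attested []byte) error {
	rootKey, appKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)), must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	ca := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "proxy-root"},
		NotAfter: time.Now().Add(time.Hour), IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	root := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, ca, ca, &rootKey.PublicKey, rootKey))))
	req := &x509.CertificateRequest{Subject: pkix.Name{CommonName: "tee-app"}, ExtraExtensions: []pkix.Extension{{Id: oid, Value: must(asn1.Marshal(reported))}}}
	der, err := SignCSR(root, rootKey, must(x509.CreateCertificateRequest(rand.Reader, req, appKey)), attested)
	if err != nil {
		return err
	}
	return must(x509.ParseCertificate(der)).CheckSignatureFrom(root) // client, stage 2: signed by the proxy root?
}
func main() { println(Flow([]byte("m1"), []byte("m1")) == nil, Flow([]byte("m1"), []byte("m2")) == nil) }
```

The client-side check here covers only the signature chain to the root; the trust in that root still comes from the attested channel over which the proxy delivered it.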
This change adds Proxy Attestation example.
It consists of:
- `experimental/proxy_attestation`: CA that can create signed certificates based on certificate signing requests
- `examples/proxy_attestation/client`: Client that can request the CA root certificate and use it to connect to an Oak application
- `examples/proxy_attestation/module`: Simple example Oak application
Certificate signing requests are created by `oak_loader`.
Fixes #1860
Ref #1374