Amazing prototype. We have talked with a lot of developers and I believe this is exactly the direction they want to see – an SDK that is:
- Easy to use: allow to convert any Docker image to run inside a TEE CVM with minimal efforts
- Secure by default: follow the best practices for TEE security
- Not vendor lock-in: abstract the hardware / cloud provider details away from the developers
At the same time, after @socrates1024 shared his idea of dstack, we (the Phala team) have also played around the idea and built our own version of “dstack”: GitHub - Phala-Network/dstack.
The intention was to prototype it and eventually merge to “Tstack” as well. I’m still putting our ideas together as a forum post to share later.
Inline comments below:
Brilliant idea. So after the security audit, the auditor essentially establishes the trust from the code repo to the binary by its hash in the measurement.
Is the first quote still verified onchain? If not, do you mean to delegate the verification to the social consensus, i.e. let a DAO to check and vote for the inclusion?
Yeah, I’m for this approach. It fits into the framework of Early Thoughts on Decentralized Root-of-Trust.
Great point! I’ve put a lot of thoughts on the “Unstoppable TLS” idea. We call it “RA-HTTPS” internally, focusing on the browser compatibility and easier verification. The basic idea is by combining content addressing (e.g. 0xOrchAddr.pod.dstack.dev
) and the access control of TLS certificate issuance. Passive defense by monitoring Certificate Transparency is a good way. We also explored some other proactive defense mechanism. I think we can share more ideas on this soon.
Agree. Another problem around it is about the boundary of trusted code and untrusted (user) code in the guest CVM. We also had a lot of thoughts on it. Hope we can publish some discussion soon.
It’s going to be hard. Especially the key rotation will put a computation burden to apps with a large database.
Re. KubernEthes (k9s😂): How does local test look like? I think we can have some kind of mock mode to run a standalone stack without accessing blockchain.