I wanted to highlight this important design document, which @mateusz just posted in the TEE category:
It proposes an architecture, with reference implementation, for translating governance decisions into discrete TEE application updates; in particular regarding provisioning of resources and distribution of secrets.
We are considering adopting this approach for BuilderNet. It provides a number of interesting benefits:
- Reduce dependency on Flashbots and centralized infrastructure
- Increase transparency: complete on-chain audit trail of all changes and system states.
- Possibly replace BuilderHub: secrets and configuration are distributed using decentralized DA storage. Governance can delegate authority to create/update secrets, and other system decisions like builder node allowlists, etc.
- Simplified trust model using a TEE-based TLS root certificate authority: users can verify its TEE proof to trust the root CA, and the trust chain can extend to all certificates signed by it (instead of needing to TEE-verify each instance certificate individually).
Please take a look at the post and chime in with your thoughts!
References: