Re: [docs-and-reports] Should we include a mitigation for running coordinators across multiple cloud providers? (#21) from Erik Taubeneck via GitHub on 2022-10-21 (public-patcg@w3.org from October 2022)

From: Erik Taubeneck via GitHub <sysbot+gh@w3.org>
Date: Fri, 21 Oct 2022 19:45:31 +0000
To: public-patcg@w3.org
Message-ID: <issue_comment.created-1287370120-1666381530-sysbot+gh@w3.org>

My concern here would be if an attacker controls the cloud provider and the first/delegated party, and all coordinators run on that cloud provider, the attacker can construct the entire private key and decrypt the data.

As for getting the key into the TEE, I believe we are assuming a secure communication channel between the coordinator and the TEE (i.e. the TEE has an internal private key with an externally known public key, allowing the coordinator to send in encrypted data that even the TEE operator couldn't see.)

-- 
GitHub Notification of comment by eriktaubeneck
Please view or discuss this issue at https://github.com/patcg/docs-and-reports/issues/21#issuecomment-1287370120 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Friday, 21 October 2022 19:45:33 UTC