How to make sure worker proof which contains AVR is really from IAS?

[bjwswang]

Avalon register a worker with details which includes AVR to blockchain, then a user client can retrieve worker details and veirfy the AVR accordingly. The question is how do we believe the worker AVR is really generated by IAS rather than faked by some worker registry? From my understanding , seems we trust that the Worker registry won't register bad worker on purpose.

[bjwswang]

https://github.com/scs/substraTEE/issues/33 I asked same question in substrateTEE which is another project focusing on off-chain trusted compute. Seems we need to verify the IAS Report Siging Cerficate before allowing a new worker to be registred,but I can't find the code in anywhere.

[bjwswang]

Is this repo still active?or where should i post question to?

[manju956]

scs/substraTEE#33 I asked same question in substrateTEE which is another project focusing on off-chain trusted compute. Seems we need to verify the IAS Report Siging Cerficate before allowing a new worker to be registred,but I can't find the code in anywhere.

Yes, the way to verify the authenticity of AVR is by verifying IAS report signing certificate. Code - https://github.com/hyperledger/avalon/blob/master/common/cpp/verify_ias_report/verify-report.cpp#L39 Though the cpp code is only used within the trusted code to verify report, from client side we are not doing extensive verification.