oak icon indicating copy to clipboard operation
oak copied to clipboard

Published 20 hours ago verified publisher icon project-oak

Support Interactive Attestation over gRPC streams

Open jul-sh opened this issue 1 year ago • 1 comments

Context

To remotely attest an Oak instance a client performs a remote attestation handshake. This takes place using a sequence of messages, as shown below: Screen Shot 2022-09-09 at 4 33 37 pm

Messages belonging to the same sequence are linked using a session_id. The client generates a unique session_id at the start of the handshake, and includes it in every request. Communication between the client and untrusted launcher takes place over unary gRPC messages.

Objective

As an alternative to unary gRPC messages, the client and untrusted launcher should be able to communicate over a gRPC stream.

The contents and sequence of the messages exchanged in this scenario will remain the exact same. Communication between the untrusted launcher and trusted runtime will remain the same. The runtime logic will remain the same.

In this scenario the stream would only act as a proxy for stickyness, ensuring a consistent connection between the client and the same Oak instance.

Tasks

  • [ ] Define a streaming service
  • [ ] Expose a streaming endpoint on the untrusted launcher
  • [ ] Implement a client that connects to the streaming endpoint

jul-sh avatar Sep 09 '22 15:09 jul-sh

cc @tiziano88 @ipetr0v

jul-sh avatar Sep 09 '22 15:09 jul-sh

We are moving away from using the interactive attestation between the client and server.

conradgrobler avatar Nov 25 '22 13:11 conradgrobler