oak
oak copied to clipboard
project-oak
Rename RKernel SDK modules
This PR:
- Splits
instance_attestationintoattestationandcryptomodules- Because
attestationmodule will be removed once we have an Orchestrator for RKernel - And
cryptomodule will contain the logic for both Instance and Group keys
- Because
- Renames
mock_attestationtotestingsince it not only contains the attestation logic but also the crypto logic
What is the migration plan for our clients?
Internal clients depend on a specific commit. So once we submit this PR, we would be able to update their code that reference them to the new commit
I don't have a strong objection to merging this.
But the rationale for the original naming choice of attestation that the provided crypto functions operate with keys that are specifically bound to the attestation. — Even if we remove the struct get the evidence itself, the signing and encryption keys are still bound to it.
@ipetr0v How would you want to handle group attestation if we support it in the future? The current mod was called instance_attestation, so we'd have the option of additionally offering an additional group_attestation mod in the future.
I don't have a strong objection to merging this.
But the rationale for the original naming choice of
attestationthat the provided crypto functions operate with keys that are specifically bound to the attestation. — Even if we remove the struct get the evidence itself, the signing and encryption keys are still bound to it.@ipetr0v How would you want to handle group attestation if we support it in the future? The current mod was called
instance_attestation, so we'd have the option of additionally offering an additionalgroup_attestationmod in the future.
There will be no group attestation, only group encryption. So GroupEvidenceProvider will not be there. And GroupKeyHandle will be in the crypto module.
Also I think from the point of view of our clients crypto is not a part of the attestation. It's definitely bound to it, but it's a separate logic on top of this.