<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re:DCAP/ECDSA and IAS in Intel® Software Guard Extensions (Intel® SGX)</title>
    <link>https://community.intel.com/t5/Intel-Software-Guard-Extensions/DCAP-ECDSA-and-IAS/m-p/1382946#M5273</link>
    <description>&lt;P&gt;&lt;B&gt;This thread has been marked as answered and Intel will no longer monitor this thread. If you want a response from Intel in a follow-up question, please open a new thread.&lt;/B&gt;&lt;/P&gt;&lt;BR /&gt;</description>
    <pubDate>Mon, 09 May 2022 19:17:10 GMT</pubDate>
    <dc:creator>JesusG_Intel</dc:creator>
    <dc:date>2022-05-09T19:17:10Z</dc:date>
    <item>
      <title>DCAP/ECDSA and IAS</title>
      <link>https://community.intel.com/t5/Intel-Software-Guard-Extensions/DCAP-ECDSA-and-IAS/m-p/1380032#M5217</link>
      <description>&lt;P&gt;Hello,&lt;/P&gt;
&lt;P&gt;I was wondering the following: If I have a processor which only supports ECDSA attestation, like a 3rd gen Xeon scalable processor, can I still use the Intel Attestation Service for quote verification (which I currently use for the EPID attestation)?&lt;/P&gt;
&lt;P&gt;The documents I read used phrases like "can/may use your own attestation service", but nothing like "must". On the other hand, the Intel Attestation Service API description (&lt;A href="https://api.trustedservices.intel.com/documents/sgx-attestation-api-spec.pdf" target="_blank"&gt;https://api.trustedservices.intel.com/documents/sgx-attestation-api-spec.pdf&lt;/A&gt;) has 55 occurrences of the word "EPID" but 0 occurrences of the word "ECDSA". I currently have no access to a newer 3rd gen Xeon scalable processor, and thus cannot easily verify it by experimentation (I think). So, I was hoping to get some definite answer from Intel like "You can/cannot use the Intel Attestation Service to verify an ECDSA quote. Using a custom attestation service is optional/obligatory."&lt;/P&gt;
&lt;P&gt;(I understand that I am losing some privacy guarantees when using ECDSA quotes.)&lt;/P&gt;
&lt;P&gt;Thank you for your time!&lt;/P&gt;
&lt;P&gt;Armin&lt;/P&gt;</description>
      <pubDate>Wed, 27 Apr 2022 09:21:09 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Software-Guard-Extensions/DCAP-ECDSA-and-IAS/m-p/1380032#M5217</guid>
      <dc:creator>ArminD</dc:creator>
      <dc:date>2022-04-27T09:21:09Z</dc:date>
    </item>
    <item>
      <title>Re:DCAP/ECDSA and IAS</title>
      <link>https://community.intel.com/t5/Intel-Software-Guard-Extensions/DCAP-ECDSA-and-IAS/m-p/1380135#M5219</link>
      <description>&lt;P&gt;Hello Armin,&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;In a DCAP environment, the &lt;A href="https://api.portal.trustedservices.intel.com/EPID-attestation" rel="noopener noreferrer" target="_blank"&gt;Intel Attestation Services (IAS)&lt;/A&gt; does not verify the enclave. IAS is used to verify enclaves only for EPID-based attestation.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;For ECDSA attestation, the service provider must build their own attestation service using the &lt;A href="https://github.com/intel/SGXDataCenterAttestationPrimitives" rel="noopener noreferrer" target="_blank"&gt;DCAP primitives&lt;/A&gt;. The service provider/relying party verifies the SGX platform using the &lt;A href="https://github.com/intel/SGXDataCenterAttestationPrimitives/tree/master/QuoteVerification" rel="noopener noreferrer" target="_blank"&gt;DCAP Quote Verification Library&lt;/A&gt;.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;For DCAP, the &lt;A href="https://api.portal.trustedservices.intel.com/provisioning-certification" rel="noopener noreferrer" target="_blank"&gt;Intel Provisioning Certification Service&lt;/A&gt; provides PCK certificates, TCB info, revocation lists, and quoting enclave identity to the service provider so that the service provider can perform the attestation.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;The &lt;A href="https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/DCAP_ECDSA_Orientation.pdf" rel="noopener noreferrer" target="_blank"&gt;Intel DCAP Product Brief&lt;/A&gt; explains how all these pieces fit together.&lt;/P&gt;&lt;P&gt;&lt;BR /&gt;&lt;/P&gt;&lt;P&gt;Sincerely,&lt;/P&gt;&lt;P&gt;Jesus G.&lt;/P&gt;&lt;P&gt;Intel Customer Support&lt;/P&gt;&lt;P&gt;&lt;BR /&gt;&lt;/P&gt;&lt;P&gt;&lt;BR /&gt;&lt;/P&gt;&lt;BR /&gt;</description>
      <pubDate>Wed, 27 Apr 2022 16:21:45 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Software-Guard-Extensions/DCAP-ECDSA-and-IAS/m-p/1380135#M5219</guid>
      <dc:creator>JesusG_Intel</dc:creator>
      <dc:date>2022-04-27T16:21:45Z</dc:date>
    </item>
    <item>
      <title>Re: DCAP/ECDSA and IAS</title>
      <link>https://community.intel.com/t5/Intel-Software-Guard-Extensions/DCAP-ECDSA-and-IAS/m-p/1380340#M5222</link>
      <description>&lt;P&gt;Thank you, this provides all the information I needed. Have a nice day!&lt;/P&gt;</description>
      <pubDate>Thu, 28 Apr 2022 07:59:04 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Software-Guard-Extensions/DCAP-ECDSA-and-IAS/m-p/1380340#M5222</guid>
      <dc:creator>ArminD</dc:creator>
      <dc:date>2022-04-28T07:59:04Z</dc:date>
    </item>
    <item>
      <title>Re:DCAP/ECDSA and IAS</title>
      <link>https://community.intel.com/t5/Intel-Software-Guard-Extensions/DCAP-ECDSA-and-IAS/m-p/1382946#M5273</link>
      <description>&lt;P&gt;&lt;B&gt;This thread has been marked as answered and Intel will no longer monitor this thread. If you want a response from Intel in a follow-up question, please open a new thread.&lt;/B&gt;&lt;/P&gt;&lt;BR /&gt;</description>
      <pubDate>Mon, 09 May 2022 19:17:10 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Software-Guard-Extensions/DCAP-ECDSA-and-IAS/m-p/1382946#M5273</guid>
      <dc:creator>JesusG_Intel</dc:creator>
      <dc:date>2022-05-09T19:17:10Z</dc:date>
    </item>
  </channel>
</rss>

