Hello, I have a few questions about the remote attestation message flow:
- How does the ISV enclave know that it is indeed communicating with the intended ISV server?
- Should we always put the ISV server certificate as part of the enclave/application?
- Does the quoting enclave encrypt the quote with the IAS public key? Would that mean that the service provider wouldn't be able to do anything with the quote except forward it to the IAS?
- Is the communication between IAS and the service provider secure?
The details of the remote attestation message flow are documented at https://software.intel.com/en-us/articles/intel-software-guard-extensions-remote-attestation-end-to-end-example#msg0
In addition, this online resource goes into the message flow, how the secure session is established https://software.intel.com/en-us/node/709016 and how the secret key can be sent into the Enclave.