sama

Reputation: 341

DCAP and EPID attestation

There are two different attestation mechanisms which can be used for remote and local attestation in Intel SGX. Does anyone know what the differences are between DCAP and EPID attestation in Intel SGX?

Upvotes: 1

Views: 370

Answers (2)

José Braga

Reputation: 19

Intel has replaced EPID with their TrustAuthority service. EPID effectively shut down EPID's dev endpoint on September 29, 2024, and production EPID is end-of-life on Apr 2, 2025.

Upvotes: 0

X99

Reputation: 915

EPID is a "standard" attestation mode, where, very basically:

  • a client enclave contacts an attestation server
  • at a point during the process, the server will contact Intel's Attestation Server to fetch information about the requesting enclave
  • based on this information, it will decide whether it trusts the requesting enclave or not.

DCAP is almost the same, but it doesn't involve Intel's Attestation Server. It's, basically, made for contained architectures that cannot allow frequent communication with Intel.

Upvotes: 1
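The difference described in the answer above, as an added example that is not part of the original answers and is not SGX SDK code: a simplified model in which the EPID-style relying party forwards every quote to Intel, while the DCAP-style relying party fetches public verification material once and checks quotes locally. Assumptions: `IntelService`, `make_quote`, `epid_verify` and `DcapVerifier` are hypothetical names, the quotes are constructed data, and toy RSA stands in for the real signature schemes.

```python
import hashlib

# Toy RSA key standing in for the attestation signing key. NOT secure: real EPID
# uses group signatures and real DCAP uses ECDSA with a PCK certificate chain.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def _digest(report: bytes) -> int:
    return int.from_bytes(hashlib.sha256(report).digest(), "big") % N

def make_quote(report: bytes) -> dict:
    """Platform side: sign an enclave report (constructed sample data)."""
    return {"report": report, "sig": pow(_digest(report), D, N)}

class IntelService:
    """Hypothetical stand-in for the remote Intel endpoint; counts round trips."""
    def __init__(self):
        self.calls, self.online = 0, True

    def _hit(self):
        if not self.online:
            raise ConnectionError("Intel endpoint unreachable")
        self.calls += 1

    def verify_report(self, quote: dict) -> bool:
        # EPID-style: Intel itself checks the quote and returns a verdict.
        self._hit()
        return pow(quote["sig"], E, N) == _digest(quote["report"])

    def fetch_collateral(self) -> dict:
        # DCAP-style: Intel only hands out public verification material.
        self._hit()
        return {"n": N, "e": E}

def epid_verify(svc: IntelService, quote: dict) -> bool:
    """Relying party forwards every quote to Intel and trusts the answer."""
    return svc.verify_report(quote)

class DcapVerifier:
    """Relying party that verifies locally against cached collateral."""
    def __init__(self, svc: IntelService):
        self.svc, self.collateral = svc, None

    def verify(self, quote: dict) -> bool:
        if self.collateral is None:  # assumption: fetched once, then cached
            self.collateral = self.svc.fetch_collateral()
        c = self.collateral
        return pow(quote["sig"], c["e"], c["n"]) == _digest(quote["report"])
```

In a real deployment the cached collateral also carries TCB and revocation data and has to be refreshed periodically, so a DCAP verifier is only as current as its last fetch.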
