aljaz251d ago" If the application developers own the hardware, you must trust that they are genuinely utilizing secure enclaves." - thats why you have attestation, you should be able to verify that the key coming from the enclave really comes from the enclave due to hardware manufacturers publishing the issuing certs so the ownership of the hardware shouldn't really change anything if you can attest to the code running and encryption
💬 1 replies
Replies (1)
Basanta Goswami251d agoYeah attestations do solve that problem. Specially if the frontend app you are using is open source, or decoupled from the backend or attestation related service. I was more thinking about the trymaple.ai product, where both the frontend and the CC based backend are owned by OpenSecret, so you have to trust that the frontend is actually doing the verification
0000 sats