You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/confidential-ledger/faq.yml
+19-4Lines changed: 19 additions & 4 deletions
Original file line number
Diff line number
Diff line change
@@ -20,12 +20,12 @@ sections:
20
20
- question: |
21
21
How can I tell if the Azure confidential ledger service would be useful to my organization?
22
22
answer: |
23
-
Azure confidential ledger is ideal for organizations with records valuable enough for a motivated attacker to try to compromise the underlying logging/storage system, including "insider" scenarios where a rogue employee might attempt to forge, modify, or remove previous records.
23
+
Azure confidential ledger is ideal for organizations with records valuable enough for a motivated attacker to try to compromise the underlying logging or storage system, including "insider" scenarios where a rogue employee might attempt to forge, modify, or remove previous records.
24
24
25
25
- question: |
26
26
What makes Azure confidential ledger much more secure?
27
27
answer: |
28
-
As its name suggests, the ledger utilizes [Azure Confidential Computing platform](../confidential-computing/index.yml) and the [Confidential Consortium Framework](https://www.microsoft.com/research/project/confidential-consortium-framework) to provide a high integrity solution that is tamperprotected and evident. One ledger spans across three or more identical instances, each of which run in a dedicated, fully attested hardware-backed enclave. The ledger's integrity is maintained through a consensus-based blockchain.
28
+
As its name suggests, the ledger utilizes the [Azure Confidential Computing platform](../confidential-computing/index.yml) and the [Confidential Consortium Framework](https://www.microsoft.com/research/project/confidential-consortium-framework) to provide a high integrity solution that is tamper-protected and evident. One ledger spans across three or more identical instances, each of which run in a dedicated, fully attested hardware-backed enclave. The ledger's integrity is maintained through a consensus-based blockchain.
29
29
30
30
- question: |
31
31
When writing to the Azure confidential ledger, do I need to store write receipts?
@@ -36,7 +36,22 @@ sections:
36
36
How do I verify ledger's authenticity?
37
37
answer: |
38
38
You can verify that the ledger server nodes that your client is communicating with are authentic. For details, see [Authenticating confidential ledger Nodes](authenticate-ledger-nodes.md).
39
-
39
+
40
+
- question: |
41
+
Could the communication between a client and ACL be compromised by an Azure Admin, since Azure controls the TLS between client and ACL?
42
+
answer: |
43
+
The TLS connection is established between a client and a specific node running inside an enclave. As the connection terminates inside the enclave, neither Azure admins nor anyone else has access to the enclave data by virtue of the security provided by the Intel SGX specialized hardware.
44
+
45
+
- question: |
46
+
Does ACL offers querying on attributes other than the receipt/transaction ID?
47
+
answer: |
48
+
Besides querying with the receipt/transaction ID, ACL offers historical querying capability to read the data from Genesis(or within a range) for a specific key using the collection ID (also called the sub ledger ID) parameter. We would be interested to know what other attributes would be useful for querying, as we are gathering input on for our product roadmap.
49
+
50
+
- question: |
51
+
Is the data on disk encrypted separately? If so, where are the keys stored?
52
+
answer: |
53
+
When storing data on the ledger, you can choose the public or private option. The public option is not encrypted; plain-text and a good fit for certain use cases which require tamper-evident and auditable ledger use. The private option, however, is encrypted. The data is encrypted using three levels of encryption (i.e. Ledger Secrets, Ledger Secret Wrapping Key, and Recovery key Shares), which is explained in detail [here](https://microsoft.github.io/CCF/main/architecture/cryptography.html).
0 commit comments