lbdvt
commented
7 months ago I strongly support the need for support of TEEs running in non-public-cloud environments, as Ad tech companies should have the ability to choose between hosted or cloud-based infrastructure. That's a key decision from a cost and operation perspective.
rdgordon-index
From fledge-docs created by thegreatfatzby: privacysandbox/fledge-docs#34
This was one of my questions originally in issue #29 , but after some internal discussion I wanted to be more specific and dig in on this one in particular.
TEEs I am no security expert, so if there's something very obvious here than apologies, but has any consideration been given to TEEs running in non-public-cloud environments but providing the necessary constraints, attestations, etc, through some combination of technical and audit requirements? I ask because one of the twix-inesses I see here is that Ad Techs (at least the one I work for) will likely continue to have to support some set of existing use cases outside of a Fledge/Parakeet context, and those use cases are of size anywhere between non-trivial and quite substantial. Having to setup a TEE inside of a non-public-dc with some set of even relatively "intrusive" requirements could be preferable to forcing network and system topologies.