confidential-containers / trustee

Attestation and Secret Delivery Components
Apache License 2.0

Support multiple token verifiers simultaneously #519

Open fitzthum opened 2 days ago

fitzthum commented 2 days ago

Today we have to select which token verifier we want to use at configuration time. The KBS can't handle connections from multiple guests that got their tokens from different types of verifiers.

This probably isn't too big of a deal, but worth noting.

fitzthum commented 2 days ago

Also note that different tokens store the TEE pubkey in different places. We have the logic to extract this in the attestation code, which is not very generic. We might want to move this logic into the token verifier code.
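
The design raised in this thread (several token verifiers active at once, each one owning the logic that locates the TEE public key in its own token type), as an added Python example that is not Trustee code. HS256 stands in for the real signature schemes, and the verifier names, keys and claim paths are constructed for illustration.

```python
import base64, hashlib, hmac, json

def b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def sign(claims, key):
    """Build a constructed HS256 token (stand-in for a real attestation service)."""
    head = b64e(json.dumps({"alg": "HS256"}).encode())
    body = b64e(json.dumps(claims).encode())
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64e(mac)}"

class Verifier:
    """One token type: its trust anchor plus where that type keeps the TEE pubkey."""
    def __init__(self, name, key, pubkey_path):
        self.name, self.key, self.pubkey_path = name, key, pubkey_path

    def verify(self, token):
        try:
            head, body, sig = token.split(".")
            if json.loads(b64d(head)).get("alg") != "HS256":
                return None
            mac = hmac.new(self.key, f"{head}.{body}".encode(), hashlib.sha256).digest()
            if not hmac.compare_digest(mac, b64d(sig)):
                return None  # not issued under this verifier's trust anchor
            node = json.loads(b64d(body))
            for part in self.pubkey_path:  # extraction lives with the verifier
                node = node[part]
            return {"verifier": self.name, "tee_pubkey": node}
        except (ValueError, KeyError, TypeError, AttributeError):
            return None  # malformed token, or pubkey missing at this type's location

def verify_any(verifiers, token):
    """Return the result of the first configured verifier that validates the token."""
    for v in verifiers:
        result = v.verify(token)
        if result is not None:
            return result
    return None

# Constructed keys and claim layouts; all hypothetical.
VERIFIERS = [
    Verifier("type-a", b"key-a", ["tee-pubkey"]),
    Verifier("type-b", b"key-b", ["runtime", "pubkey"]),
]
```

Because the claim path is bound to the verifier that checked the signature, a token accepted under one trust anchor never has its public key read from another token type's location.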