Consider datagram networking (UDP)

[jethrogb]

Currently, the Fortanix SGX ABI only supports stream networking. This is sufficient for most use cases. No decision has been made whether to add datagram networking in the future or not. Some things to consider:

• What part of the BSD sockets API is necessary to support datagram networking? How does the Fortanix SGX ABI need to be expanded?
• Does datagram networking have a big enough role to play in microservices/distributed systems?
• Are there sufficient options to securely use datagram networking (DTLS?)?
• Is the added complexity worth it?
• Can it be implemented instead as a userspace service that is accessed via a stream?

[briansmith]

• Does datagram networking have a big enough role to play in microservices/distributed systems?

Yes, soon, because of HTTP/3, which is based on QUIC, which is UDP-based.

Are there sufficient options to securely use datagram networking (DTLS?)?

Yes, soon, via QUIC, which is similar to DTLS.

[jethrogb]

@briansmith Thanks, that does sound like a compelling reason.

[jethrogb]

Actually, reading some more, QUIC just provides a byte stream abstraction. So while it may use UDP to do the underlying communication, streams still seem like the appropriate abstraction to expose to the application. I think all the QUIC handling could and should be done outside the enclave.

[jethrogb]

I did some more reading and my previous comment is not correct. Still, I don't think all of QUIC should be handled in the enclave. I'll come back to this later.