run nats server in a Secure SGX Enclave

[drgorb]

Feature Request

Nats is a tremendously useful service and it would be even more useful if it were possible to run it in an SGX enclave. This would allow to verify that the server is genuine and has been installed correctly. That it is configured in a specific fashion, especially from the authorisation setup point of view.

Use Case:

Running the nats server in an SGX enclave allows the creation of a decentralised cluster of untrusted operators. This allows the creation of a tokenized cluster in a blockchain kind of setup.

Proposed Change:

Run nats in graphene

Who Benefits From The Change(s)?

The community as a whole would benefit from the ability to open up the running system in addition of opening up the source code.

Alternative Approaches

I don't know of any alternatives

[derekcollison]

We are big fans of trusted computing and look to bring the powers of that to NATS.io as we can for sure.

SGX from what I remember is not setup well to move network traffic and large amounts of data in and out of the enclave. We could look to use SGX for verification etc, but that usually has to work with a secure boot setup etc.

I could totally be wrong and may be remembering SGX incorrectly.