From 1d268b9634be788f756dd847d187c77e1744c10b Mon Sep 17 00:00:00 2001 From: Philipp Winter Date: Sun, 17 Nov 2024 09:44:40 -0600 Subject: [PATCH] Update README. --- README.md | 47 ++++------------------------------------------- 1 file changed, 4 insertions(+), 43 deletions(-) diff --git a/README.md b/README.md index c06bfeb..7b3869f 100644 --- a/README.md +++ b/README.md @@ -1,43 +1,4 @@ -
- Nitriding logo -
- ---- - -Nitriding is a Go tool kit (consisting of two services) that helps you run your application inside an -[AWS Nitro Enclave](https://aws.amazon.com/ec2/nitro/nitro-enclaves/). -Let's assume that you built a Web service in Rust. You can now use nitriding to -move your Rust code into a Nitro Enclave, which provides two key security properties: - -1. At runtime, Nitro Enclaves are effectively a sealed black box. Nobody can observe your application's state at runtime: not you, not Amnesic Systems, and not even AWS. This makes it possible to process sensitive data _without ever seeing the data_. -2. Optionally, using remote attestation, your users can verify (over the Internet) that you run the code you claim to run. This requires that your application is open source. - -The diagram below illustrates how nitriding works. -Gray components are provided by AWS, -blue components are provided by nitriding, -the yellow component is provided by you, -and the brown component is your user – if you have users. -Nitriding helps you run your application (which is bundled as a Docker image) -inside a Nitro Enclave while abstracting away the pitfalls of working with enclaves. -In particular: - -* Nitriding provides a [tun](https://docs.kernel.org/networking/tuntap.html) interface inside the enclave, enabling seamless networking for your application. Your application can listen for incoming connections and establish outgoing connections without having to worry about tunneling network traffic over the enclave's VSOCK interface. - -* Nitriding's TCP proxy does not see your network traffic; it blindly forwards end-to-end encrypted packets. If your application speaks HTTPS, nitriding can act as a TLS-terminating HTTP reverse proxy. If your application speaks another protocol, you are responsible for the encryption layer. - -* Nitriding exposes an HTTPS endpoint for remote attestation, allowing your users to verify over the Internet that you run the code you claim to run. 
You don't have to worry about the nuances of remote attestation. - -* While nitriding is built in Go, it is application-agnostic: As long as you can bundle your application in a Docker image, you can run it using nitriding. You are free to use your favorite tech stack. - -
- Nitriding architecture -
- -## More documentation - -* [How to use nitriding](doc/usage.md) -* [System architecture](doc/architecture.md) -* [HTTP API](doc/http-api.md) -* [Horizontal scaling](doc/key-synchronization.md) -* [Example application](example/) -* [Setup enclave EC2 host](doc/setup.md) +> [!NOTE] +> Nitriding is deprecated in favor of +> [veil](https://github.com/Amnesic-Systems/veil) -- a cleaner, faster, and more +> robust re-implementation.
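Review bot: The `> [!NOTE]` block that closes the hunk replaces the entire README, including the "More documentation" list (doc/usage.md, doc/architecture.md, doc/http-api.md, doc/key-synchronization.md, doc/setup.md), even though the patch touches only README.md and leaves those files in the tree. Anyone still running nitriding in an enclave loses the entry point to the attestation and setup docs. Consider keeping that link list below the deprecation note. The note should also state whether nitriding will still receive security fixes and point to migration steps for veil, since "cleaner, faster, and more robust" does not tell an operator what to do with an existing deployment. The subject "Update README." hides the deprecation in the log; a subject such as "Deprecate nitriding in favor of veil" would be easier to find.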