by ranger_danger 309 days ago
> the connection is guaranteed to be with a host running the software in question

A host... not necessarily the one actually serving your request at the moment, and it doesn't prove that it's the only machine touching that data. And AFAIK this only proves the data in the enclave matches a key, and has nothing to do with "connections".

Let me clarify, it guarantees your connection is being served by the enclave itself. The TLS encryption keys are kept inside the enclave, so whatever data is exchanged with the host, it can only be read from within the secure encrypted enclave.

> it guarantees your connection is being served by the enclave itself

Served by an enclave, but there's no guarantee it's the one actually handling your VPN requests at that moment, right?

And even if it was, my understanding is this still wouldn't prevent other network-level devices from monitoring/logging traffic before/after it hits the VPN server.

Saying "we don't log" doesn't mean someone else isn't logging at the network level.

I think SGX also wouldn't protect against kernel-level request logging such as via eBPF or nftables.

The attestation guarantees it's the one serving the request, and the encryption/decryption and NAT occur inside the enclave so it's definitely private.