this morning i went back to the question of what actually stops a fake TEE node from registering on OpenGradient and pretending to be legitimate....

here's the mechanic. before a TEE node can serve requests on OpenGradient, it has to register on-chain through the ITEERegistry smart contract. registration requires the raw AWS Nitro attestation document, an RSA signing public key, a TLS certificate, a payment address, and endpoint information. full nodes then check the attestation against the AWS root certificate, match PCR values against approved code hashes, and confirm the TLS certificate binding matches the attestation's user data....

registration. not just a claim....

what i think matters here is that none of these checks rely on OpenGradient or anyone else vouching for the node manually. the AWS root certificate chain and the on-chain PCR comparison do the actual gatekeeping. $OPG settlement only flows to nodes that pass this registration, not to anyone claiming to run a TEE....

i actually find this reassuring in a narrow way. trust comes from a hardware vendor's attestation chain plus an on-chain registry, not from OpenGradient's own say-so about which nodes are legitimate....

but i won't pretend registration alone guarantees ongoing good behavior. passing registration once proves the enclave was running approved code at that moment, not that it stays that way forever without re-verification....

dealt with a service once that verified credentials at signup and never checked again, and the gap got exploited eventually....

what i still can't resolve is how often a registered TEE node needs to re-attest after initial registration, or whether the network treats the first attestation as permanent until something flags it??

@OpenGradient $OPG #OPG
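An added sketch (not part of the original post and not OpenGradient's code) of the post-signature checks described above: PCR allowlist, TLS binding, and a freshness window for the re-attestation question. Assumptions: the attestation's COSE signature and chain to the AWS root were already verified upstream, `user_data` holds the SHA-256 of the DER TLS certificate, and `check_registration` and the 24-hour `MAX_AGE_MS` are hypothetical.

```python
import hashlib
import hmac

MAX_AGE_MS = 24 * 60 * 60 * 1000  # assumed window; the post does not state one

def check_registration(doc, tls_cert_der, approved_pcrs, now_ms, max_age_ms=MAX_AGE_MS):
    """Return a list of failure reasons; an empty list means the node passes.

    `doc` is the decoded payload of a Nitro attestation document whose
    signature and certificate chain were verified before this call.
    """
    failures = []
    # 1. Every approved PCR index must be present and equal the approved hash.
    for index, expected in approved_pcrs.items():
        actual = doc.get("pcrs", {}).get(index)
        if actual is None or not hmac.compare_digest(actual, expected):
            failures.append(f"pcr{index} mismatch")
    # 2. user_data must commit to the TLS certificate the node registered
    #    (assumed binding format: SHA-256 over the DER certificate).
    binding = hashlib.sha256(tls_cert_der).digest()
    if not hmac.compare_digest(doc.get("user_data") or b"", binding):
        failures.append("tls binding mismatch")
    # 3. Freshness: an attestation only proves what ran when it was issued.
    age = now_ms - doc.get("timestamp", 0)
    if age < 0 or age > max_age_ms:
        failures.append("attestation timestamp out of window")
    return failures

# Constructed sample data (not real measurements or certificates).
CERT = b"constructed-der-bytes-for-node-tls-cert"
SWAPPED_CERT = b"constructed-der-bytes-for-other-cert"
APPROVED = {0: hashlib.sha384(b"approved-image").digest(),    # enclave image
            1: hashlib.sha384(b"approved-kernel").digest(),   # kernel/bootstrap
            2: hashlib.sha384(b"approved-app").digest()}      # application
NOW = 1_700_000_000_000  # milliseconds, matching the Nitro timestamp field
GOOD = {"module_id": "i-constructed-enc0", "timestamp": NOW - 60_000,
        "pcrs": dict(APPROVED), "user_data": hashlib.sha256(CERT).digest()}
# Modified application code changes PCR2.
TAMPERED = {**GOOD, "pcrs": {**APPROVED, 2: hashlib.sha384(b"patched-app").digest()}}
# Valid when issued, presented a week later.
OLD = {**GOOD, "timestamp": NOW - 7 * 24 * 60 * 60 * 1000}

if __name__ == "__main__":
    for name, doc, cert in [("good", GOOD, CERT), ("swapped cert", GOOD, SWAPPED_CERT),
                            ("tampered", TAMPERED, CERT), ("old", OLD, CERT)]:
        print(name, check_registration(doc, cert, APPROVED, NOW))
```

Without the third check, the week-old document passes exactly like a fresh one, which is the "first attestation treated as permanent" case.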
