I am currently working on a project trying to leverage the Intel SGX. My only concern is the Remote Attestation service has to contact to Intel's centralized IAS. It really makes us concern about our customers' privacy and our services are totally dependent on Intel side. I am wondering if some kind of distributed IASs are possible in the future? Is it possible that my company can hold an IAS-like service to verify the hardware ourself? I guess most of you have already thought about that. Hope someone could give me more details here.
I would appreciate any help!