This article answers frequently asked questions about Azure confidential ledger.
How can I tell if the Azure confidential ledger service would be useful to my organization?
Azure confidential ledger is ideal for organizations with records valuable enough for a motivated attacker to try to compromise the underlying logging or storage system, including "insider" scenarios where a rogue employee might attempt to forge, modify, or remove previous records.
What makes Azure confidential ledger much more secure?
As its name suggests, the ledger utilizes the Azure Confidential Computing platform and the Confidential Consortium Framework to provide a high integrity solution that is tamper-protected and evident. One ledger spans across three or more identical instances, each of which run in a dedicated, fully attested hardware-backed enclave. The ledger's integrity is maintained through a consensus-based blockchain.
When writing to the Azure confidential ledger, do I need to store write receipts?
Not necessarily. Some solutions today require users to maintain write receipts for future log validation. This requires users to manage those receipts in a secure storage facility, which adds an extra burden. The ledger eliminates this challenge through a Merkle tree-based approach, where write receipts include a full tree path to a signed root-of-trust. Users can verify transactions without storing or managing any ledger data.
How do I verify ledger's authenticity?
You can verify that the ledger server nodes that your client is communicating with are authentic. For details, see Authenticating confidential ledger Nodes.
Could the communication between a client and ACL be compromised by an Azure Admin, since Azure controls the TLS between client and ACL?
The TLS connection is established between a client and a specific node running inside an enclave. As the connection terminates inside the enclave, neither Azure admins nor anyone else has access to the enclave data by virtue of the security provided by the Intel SGX specialized hardware.
Does ACL offers querying on attributes other than the receipt/transaction ID?
Besides querying with the receipt/transaction ID, ACL offers historical querying capability to read the data from Genesis(or within a range) for a specific key using the collection ID (also called the sub ledger ID) parameter. We would be interested to know what other attributes would be useful for querying, as we are gathering input on for our product roadmap.
Is the data on disk encrypted separately? If so, where are the keys stored?
When storing data on the ledger, you can choose the public or private option. The public option is not encrypted; plain-text and a good fit for certain use cases which require tamper-evident and auditable ledger use. The private option, however, is encrypted. The data is encrypted using three levels of encryption (i.e. Ledger Secrets, Ledger Secret Wrapping Key, and Recovery key Shares), which is explained in detail here.
How can I manage users on a ledger?
Can Microsoft help me manage users on a ledger I have created?
No. Once a ledger is created, Microsoft has no access to user management.
I've created a ledger without an administrator. Can I still add users?
If you create a ledger without an administrator, the AAD/cert gets admin rights. That identity can be used to manage the ledger.