What problem does RA-TLS solve that isn't solved by just keeping your TLS private keys inside an enclave?

[fwoodruff]

Say I run some HTTPS service inside Gramine. I store the SSL private key (.pem) as an encrypted file in my manifest. Since, only the enclave has the private key, only the enclave can generate signatures. No one else can forge signatures. The enclave has thus proven that it is the owner of the private key.

What else is left to prove about the enclave? What else does RA-TLS do?

If we store the private key outside the enclave, then anyone can sign anything, so I haven't considered this possibility.

[dimakuv]

I store the SSL private key (.pem) as an encrypted file in my manifest.

How do you provision the encryption key for this file? There is a chicken-and-egg problem here: to decrypt the SSL private key file, you need to provision the encryption key, and to provision the encryption key, the remote party must make sure that the Gramine SGX enclave is trustworthy. How do you solve this problem?

Basically, if you can solve the above problem (by e.g. using some other protocol to get the encryption key), then indeed you don't need RA-TLS.