• Is Veracruz always privacy-preserving?
• What is in the global policy?
• How do you vet the global policy?
• The policy is acceptable. Now what?
• Is that use of remote attestation really sufficient to trust the delegate's container?
• Can't you just look inside the container?
• Why does the delegate trust P?
• Why is P provisioned first?
• Isn't running a secret program on data strange?
• After the program, the data is provisioned, right?
• Why should the data owners trust the program, P?
• Why does the Veracruz runtime have a lifecycle state?
• Everything's provisioned. Now what?
• Is that the computation finished?