Implement makePublisherKit for sealed publishers #4331

Closed
Tracked by #5354
gibson042 opened this issue Jan 20, 2022 · 3 comments
Labels
duplicate notifier read-no-tx topic: reading from the chain without a transaction wallet

@gibson042
Member

gibson042 commented Jan 20, 2022

What is the Problem Being Solved?

Agents such as the on-chain wallet need access to notifiers that may convey private data or closely-held objects.

Description of the Design

Consuming code with access to a sequence of sealed data messages and a (non-public) "unsealer" facility can make a Notifier for each message in the sequence that has been extracted using the unsealer. Code with access to a Notifier and a (non-public) "sealer" facility that is the complement of the unsealer can make a sequence of sealed data messages, one per result of the Notifier.

One such sealer/unsealer is a marshal serialize/unserialize which produces and consumes slots according to a private namespace or clist. Another one may use a public namespace.

We can go further and extend this support to Subscriptions as well as Notifiers, with the pattern of composing a Notifier<[sealedCurrentState, Subscription<sealedDelta>]> where the latest notifier state can be queried to conserve bandwidth.

Security Considerations

Consumption of the sequence of messages without access to the unsealer must not be able to reveal any private or closely-held contents, within the limits of the actual implementation of the sealer.

Test Plan

TBD

@michaelfig michaelfig changed the title Implement confidential notifiers Implement sealed notifiers Jan 20, 2022
@Tartuffo Tartuffo removed the MN-1 label Jan 21, 2022
@Tartuffo Tartuffo added the MN-1 label Feb 2, 2022
@Tartuffo Tartuffo removed the MN-1 label Feb 7, 2022
@Tartuffo Tartuffo assigned gibson042 and unassigned michaelfig Feb 24, 2022
@Tartuffo Tartuffo added this to the Mainnet 1 milestone Mar 23, 2022
@Tartuffo
Contributor

@gibson042 per discussion in wallet meeting, we believe this has been designed between you and @michaelfig so removing the needs-design label.

@michaelfig michaelfig changed the title Implement sealed notifiers Implement makePublisherKit for sealed publishers May 19, 2022
@michaelfig
Member

I suggest creating @agoric/publisher to export makePublisherKit and makeSubscriber

  • Contracts should accept one or many publisher kits as optional private terms, and default to an unparameterised makePublisherKit which produces just the basic prefix-lossy subscription kit.
  • The creator of a publisher kit would specify:
    • A jsonPublisher for JSONable-only data transport (i.e. a simple wrapper for the event stream+merkle tree storage)
    • An optional ocap sealer (e.g. obtain board IDs or clist integers for them) for marshalling and transmission via the jsonPublisher. The default sealer just throws if asked to seal an ocap.
  • The sealer would also embed the recommended unsealer parameters as part of the publication so it is mostly self-describing.
  • Sophisticated subscribers can inspect the publication, and override the default unsealer with their own custom version.
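
The design discussed in this thread, as an added JavaScript illustration that is not code from the issue or from the Agoric code base: a sealer/unsealer pair backed by a private clist, next to a default sealer that throws on ocaps. Every name (`makeClistSealerKit`, `throwingSealer`, the `@slot` key, the `unsealer` envelope field, `Purse`) is an assumption, and the sample updates are constructed.

```javascript
// Added illustration; every name here is hypothetical, not an Agoric API.
const SLOT = '@slot'; // reserved key that marks a sealed reference
// Plain data = primitives, arrays, object literals; anything else is treated as an ocap.
const isPlain = v => v === null || (typeof v !== 'object' && typeof v !== 'function') ||
  Array.isArray(v) || Object.getPrototypeOf(v) === Object.prototype;
const mapValues = (o, f) => Object.fromEntries(Object.entries(o).map(([k, x]) => [k, f(x)]));

function makeClistSealerKit() {
  const clist = [];         // private: slot integer -> closely-held object
  const slotOf = new Map(); // private: closely-held object -> slot integer
  const sealValue = v => {
    if (!isPlain(v)) {
      if (!slotOf.has(v)) { slotOf.set(v, clist.length); clist.push(v); }
      return { [SLOT]: slotOf.get(v) };
    }
    if (v === null || typeof v !== 'object') return v;
    if (Array.isArray(v)) return v.map(sealValue);
    // Without this check, published plain data could forge a reference to a slot.
    if (SLOT in v) throw new Error('reserved slot key in plain data');
    return mapValues(v, sealValue);
  };
  const unsealValue = v => {
    if (v === null || typeof v !== 'object') return v;
    if (Array.isArray(v)) return v.map(unsealValue);
    if (!(SLOT in v)) return mapValues(v, unsealValue);
    if (!Number.isInteger(v[SLOT]) || !(v[SLOT] in clist)) throw new Error('unknown slot');
    return clist[v[SLOT]];
  };
  return {
    // The envelope names the recommended unsealer, so a publication is self-describing.
    sealer: v => JSON.stringify({ unsealer: 'clist', body: sealValue(v) }),
    unsealer: msg => unsealValue(JSON.parse(msg).body),
  };
}

// Default sealer: JSON-only transport that refuses any closely-held object.
const throwingSealer = v => JSON.stringify({ unsealer: 'none', body: v }, (_k, x) => {
  if (!isPlain(x)) throw new Error('default sealer cannot seal an ocap');
  return x;
});

function demo() {
  class Purse { constructor(n) { this.balance = n; } } // constructed stand-in for an ocap
  const purse = new Purse(5);
  const { sealer, unsealer } = makeClistSealerKit();
  const updates = [{ purse, note: 'opened' }, { purse, note: 'deposit' }]; // constructed notifier results
  const published = updates.map(sealer); // one sealed message per notifier result
  return { purse, published, recovered: published.map(unsealer) };
}
```

A reader of `published` without the matching unsealer sees only slot integers; the confidentiality of the referenced objects rests on the clist staying private, which is the "within the limits of the actual implementation of the sealer" condition from the Security Considerations.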

@Tartuffo
Copy link
Contributor

Tartuffo commented Jun 6, 2022

Doing this differently, per #4398.
