-
Notifications
You must be signed in to change notification settings - Fork 276
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RFC: rendezvous #56
RFC: rendezvous #56
Conversation
also, peer ids in unregistrations.
Also specify a minimum upper bound of 72hrs and an E_INVALID_TTL status code.
and some more error codes.
We should make sure that rendezvous doesn't allow registering arbitrary peers under a namespace. Basically, the peer id in the register request should match the peer id of the peer initiating the request, otherwise this is a potential DDoS vector. I know we're communicating the peer id in our register requests, so this might be already covered, but its worth pointing out. |
Great point, care to suggest wording in the spec to clarify this? |
rendezvous/README.md
Outdated
The rendezvous protocol provides facilities for real-time peer | ||
discovery within application specific namespaces. Peers connect to the | ||
rendezvous point and register their presence in one or more | ||
namespaces. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As suggested in #56 (comment), this point can be worded as:
No arbitrary peers are allowed to be registered under a namespace, only the peer initiating the register request is allowed to register itself.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added a clarification as suggested in #56 (comment)
Another point that was discussed in Glasgow was the addition of a Proof of Work function for registration. A PoW function (like equihash) would add some minimum work/time before the registration is accepted, significantly limiting the damage a single attacker can do without committing considerable resources. |
Also discussed in Glasgow -- the registration function, apart from PoW, should return the actual TTL of the registration so that a background process can re-register when appropriate. |
For the PoW function, would we apply that to every registration? So if an app wanted to register to multiple namespaces they would require a PoW for each and each subsequent re-registration on TTL expiration? Would it be valuable to add some concept of limited multi registration in combination with the PoW function to balance this out? |
Except from @dirkmc comment regarding the cookie keyword, the current state of the spec looks good to me. Moreover, totally agree with the addition of the PoW function. And subscribe @jacobheun questions about finding a balance to this function. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
looks quite good. let's add a bit about proof of work. a thought: should the difficulty be configurable? perhaps upon connection there could be a simple handshake to share the difficulty setting?
Hey guys, This looks like a great feature to have as there is no 'standard' mechanism for discovery when building a P2P networking using libp2p. Does anyone know when this will be merged ? |
Where can we find impl status? |
With regards to the proof-of-work function, there are questions above about whether to make the difficulty configurable and what the default proof-of-work required for registration should be. You might consider the "hashcash auction" technique to allow the clients to determine the difficulty of the proof-of-work amongst themselves in a bottom-up, decentralized way: https://chr15m.github.io/hashcash-auctions-for-decentralized-resource-allocation.html You don't need to read the post to understand the basic idea which is as follows:
There are three beneficial outcomes from this scheme:
|
There are two things to keep in mind when considering proof of work:
Really, I'm more worried about the first issue. The second issue will always come down to the fact that honest nodes will need to spend enough to overcome malicious nodes. @chr15m my worry with your proposal is 1. It would be pretty easy to completely lock-out mobile users by driving the PoW cost up. |
@Stebalien yes those are important concerns. Under the scheme I outlined the server does not perform any proof-of-work. It is specifically design to protect the people you are worried about: those running servers as a public service. The idea is to allow such resource volunteers certainty that their offering can't be abused by anonymous clients. The clients are the ones who must perform proof-of-work. With regards to 1, @vyzo mentioned Equihash which is memory-hard rather than CPU-hard and possibly therefore friendlier to mobile phones. Scrypt is another alternative with good pure-JS presence in browsers. For this particular use-case where most registration servers will have spare capacity it should not be a big issue since the PoW will be negligible for all clients anyway. Only in the situation of massive DoS of multiple registration servers will mobile clients find a harder time registering than higher powered CPU machines and that situation would hopefully be extraordinary in any case. |
I'm not really a fan of memory hard problems (at least for use cases like this):
|
@Stebalien yes good points. Of course, using plain PoW under a fixed/configurable difficulty setting also suffers from the issues you have mentioned. Of course the real question is whether using PoW provides better protection and features than no PoW at all, and further, whether using the "hashcash auction" scheme outlined provides better protection and features than plain fixed difficulty PoW. |
Changes:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The draft of the spec looks good. We can merge this and handle any iterations, such as Proof of Work, in subsequent PRs as we finalize the spec.
Only thing I can see missing is adding the
E_UNAVAILABLE
which will be used when registrations are happening too fast or it's generally overloaded with the already registered clients.Previous: #44 (mostly doesn't load)