Skip to content

Implement DoubleZero IP Proof Service to verify user ownership of claimed public IPs before allowing connections. #1634

@juan-malbeclabs

Description

@juan-malbeclabs

Introduce an IP Proof Service to prevent malicious users from preemptively claiming IP addresses they do not own.

https://www.notion.so/malbeclabs/Risk-Assessment-Unauthorized-IP-Claim-in-DoubleZero-Onboarding-26bfef22bebe802cb593d13fd905cfa4

Rationale

Currently, users can request an AccessPass with any IP, creating a risk where a malicious actor could block the legitimate operator by claiming their IP first. To mitigate this, DoubleZero should provide a verification mechanism proving that the requester actually controls the public IP being registered.

Proposed Solution

  • Create a DoubleZero IP Proof Service that:
    1. Receives a request from the CLI containing the user_payer identity.
    2. Observes the requester’s public IP.
    3. Issues a signed proof object including:
      • user_payer identity
      • observed public IP
      • current epoch
      • a DoubleZero signature
    4. Returns the proof to the CLI, which then submits it to the Serviceability program.
  • Update the CreateUser instruction in Serviceability to validate this proof before establishing a connection.

Expected Outcome

Only users who can cryptographically prove ownership of their public IP will be able to claim it, ensuring security and preventing IP hijacking.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions