-
Notifications
You must be signed in to change notification settings - Fork 28
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
calldata public key verification work in client #412
base: main
Are you sure you want to change the base?
Conversation
✅ Deploy Preview for oasisprotocol-sapphire-paratime canceled.
|
Re: calldata public key verification in clients To prevent RPC server MITM. This applies to all clients where you want to establish secure connection between a client app & Sapphire, without having to run your own RPC node. Signature is in the form of There are a couple of approaches which were considered:
Approach 1How frequently would If This would break previously deployed dApps if key is rotated. Approach 2This would add significant weight to every client, probably megabytes or more, and may take a fair amount of time to sync every time you start a dApp. This would be difficult in environments where outbound connections are firewalled etc. Consensus upgrades could break previously deployed dApps if protocol or light client becomes incompatible. Approach 3If key manager signing key changes the smart contract will continue signing stuff without interruption, so the key manager key can rotate etc. But, the root of trust is a key inside a smart contract on Sapphire which is embedded into the client library. This would require compromise of Sapphire compute node to extract the key before a MITM attack can be made. Approach 4Requires an outbound HTTPS connection to a domain to retrieve the key information. This would be per-chain? (e.g. Localnet, Testnet, Mainnet, Pontus-[Local/Test/Main/Dev]. Using a static URL to retrieve the key depending on Chain ID is particularly difficult with Localnet, which may not be at localhost:8545 (e.g. if it's deployed with docker swarm). |
Potential approach 5:
If MITM returns a fake public key and reads and submits your transaction: invalid encryption envelope i think |
Yup, if the RPC does MITM your tx will either fail with decryption error or will be signed by a different key (so different tx hash). This approach requires you to spend gas though, every time an app is loaded. Which will require signing from a gas paying account |
I assume it could also be a combination of things that one can use, as long as the app developer can decide what tradeoff to use. A note about light clients:
|
fd3d8a5
to
ef0dcbc
Compare
No description provided.