Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Endorser logic is overly restrictive #3277

Open
dbluhm opened this issue Oct 7, 2024 · 1 comment
Open

Endorser logic is overly restrictive #3277

dbluhm opened this issue Oct 7, 2024 · 1 comment

Comments

@dbluhm
Copy link
Contributor

dbluhm commented Oct 7, 2024

I think the author endorser code prevents the author from performing some operations that are actually permitted by the network.

As it stands, every operation that can generate a transaction requires the full transaction request exchange between the author and the endorser. However, the default Indy auth rules don't require an endorser to sign every transaction. See: https://hyperledger-indy.readthedocs.io/projects/node/en/latest/auth_rules/

To list the notable transaction types that don't require endorsement:

  • Nym txns rotating a key (true also for diddocContent, though it's not specifically listed in the table linked above)
  • attrib txns where the submitter is the owner of the nym of the attrib
  • revocation registry entries

I have not yet verified my interpretation of these auth rules. But, even if it is true for the default values, these rules are, of course, configurable. One network may be more strict than another. I think this indicates that we should base the behavior of the endorser code on the current auth rules, obtained from the ledger to which we are attempting to publish.

Without this, we are overburdening endorsers with transactions they don't actually need to care about for the connected network. Additionally, not giving the author the ability to update their own nym directly potentially widens the window of vulnerability if a key is compromised. I'm not sure there's much value in the endorser gatekeeping that kind of an update to the ledger to begin with.

@dbluhm
Copy link
Contributor Author

dbluhm commented Oct 8, 2024

I confirmed using Indicio's test network (default auth rules right now) that my understanding of how the auth rules apply is correct.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant