From d8a070ad281b8fb8fed788d2d2c293f8bb343210 Mon Sep 17 00:00:00 2001 From: Rasmus Dahlberg Date: Tue, 24 Aug 2021 19:07:05 +0200 Subject: persisted pads from meeting minutes --- archive/2021-08-24-checkpoint-otherdata | 59 +++++++++++++++++++++++++++++++++ 1 file changed, 59 insertions(+) create mode 100644 archive/2021-08-24-checkpoint-otherdata (limited to 'archive/2021-08-24-checkpoint-otherdata') diff --git a/archive/2021-08-24-checkpoint-otherdata b/archive/2021-08-24-checkpoint-otherdata new file mode 100644 index 0000000..94caca0 --- /dev/null +++ b/archive/2021-08-24-checkpoint-otherdata @@ -0,0 +1,59 @@ +Background + * The current checkpoint format leaves the [otherdata] section undefined + * (The format of [otherdata] is inferred from a log's unique identifier) + +Impact on believers + * None, makes sense that each ecosystem knows their own format + +Impact on witnesses + * If witnesses disregard [otherdata] while cosigning: none + * Otherwise: may complicate witness configuration and support for [otherdata] + +The problem in more detail + * (Let's not focus on if these extensions are good ideas or not. It's an example.) + * Suppose ecosystem A uses a checkpoint extension that adds a timestamp + * First line of otherdata: + * "A witness must only sign a checkpoint if its timestamp is in [now-diff, now]" + * Now ecosystem B comes along + * "We want timestamp verification too as in ecosystem A" + * "Some witnesses support that, just pass 'ecosystem A' as log metadata" + * (A little hacky but works) + * Now ecosystem C comes along + * "We want a timestamp as in ecosystem A and B" + * "We also want a secondary root hash because we operate a log-backed map" + * Unless witnesses change they will not understand 'ecosystem C' as log metadata + * This is unfortunate if witnesses actually do understand the timestamp part :< + +Prediction + * If [otherdata] catches on, each log ecosystem will do their own thing + * This may lead to compatibility issues like the one described above + +Mitigation + * A well-defined [otherdata] format that is generally useful would go a long way + +Example: an unordered key-value format + * Identifier: 'checkpoint key-value format' + * Might be communicated on the first line in [otherdata] + * Would affect the current checkpoint format + * Might be communicated as external checkpoint metadata + * Would not affect the current checkpoint format + * Would probably be good with a 'recommended usage' section though + * "If you want witnesses to look into [otherdata], think about X else Y" + * Grammar + * Each line is composed of = + * A line is an extension that is named + * A key must not contain '=' + * A line must adhere to the usual checkpoint v0 restrictions, e.g., no '\n' + +What we gained from this example: + * Witnesses that peek into [otherdata] would probably have used a common format + * Ecosystem A would probably have used that format to define a timestamp extension + * verified-timestamp= + * Ecosystem C could come along and set their [otherdata] to: + * map-hash= + * verified-timestamp= + * Now a witness that speaks 'checkpoint key-value format' and which enforces the 'verified-timestamp' extension can do that regardless of if they know 'map-hash' + +Conclusion + * Allowing witnesses to peek into [otherdata] can get messy. + * We can probably avoid this mess by having a recommended or forced [otherdata] usage -- cgit v1.2.3