-
Notifications
You must be signed in to change notification settings - Fork 105
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Docs] AAT related comments & documentation improvements #1598
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for sharing the PR, it is very helpful in showing how AATs work.
One extra suggestion: would be great if we could reference several of the files that are touched here in a list of docs/code to look at to learn how the relays and proofs work.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agree with @adshmh here; this is great improvement in clarity and providing context. Thanks a lot.
Would you be open to tackle this one yourself? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the main purpose of this PR is to add description about AAT rather than general documentation improvement. Can you update the PR description?
- This PR contains redundant descriptions. Can you put the most detailed description in .md file under doc/specs or in https://github.com/pokt-network/docs-v2, and make other places refer to it? Code comments should be kept simple.
- I see some comments are not necessary because they're just rephrasing a code.
- Regarding AAT, I know PNF or Grove are introducing a new term "Gateway" to call what is used to be called "Client". Having a comment like "(a.k.a gatewayPubKey)" everywhere is confusing. In v0 code, can we just keep using clientPubKey? Since it's defined as clientPubKey in the code, it's just clientPubKey.
- You emphasize "appPubKey and clientPubKey may or may not be the same", but I think it's not that important. It's ok to say it in application-auth-token.md as a note, but not as code comments.
This pull request has been mentioned on Pocket Network Forum. There might be relevant details there: https://forum.pokt.network/t/block-sizes-claims-and-proofs-in-the-multi-gateway-era/5060/9 |
@msmania @kutoft @ezeike @nodiesBlade @commoddity @adshmh Wanted to bump this PR. PTAL when you have a chance. |
5c7c13b
to
0054870
Compare
doc/specs/application-auth-token.md
Outdated
decomposed into two options: | ||
|
||
1. **Application Key != Client Key ** - Recommended for all Gateways. | ||
2. **Application Key == Client Key** - Recommended for independent Applications that are not Gateways. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This part is still confusing to me. Having "Recommended for all Gateways" and "Recommended for independent Applications that are not Gateways" in the same list doesn't sound right. The first item says "for gateways" while the second item says "for Applications", but these are two different concepts. Application is not Gateway.
I think it's fair to say we create AAT for gateways because a gateway (aka client, relayer) is a program to use AAT. Then the second case confuses me. Do you mean there is a situation where we can use AAT without any gateways? Can you elaborate that case a little bit more?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You should watch my talk! https://www.youtube.com/watch?v=jVW-3lRzVT0&t=1s
Docs also updated.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I added this:
_Note: Please note that option 2 is only shown for theoretical purposes. Due to
the scaling limitations of Morse (v0) implemented in `pocket-core`, Gateways
have to be used. The original design / intention of Pocket, and how Shannon (v1)
will operate is support both modes._
If this is not enough and you want me to write out the whole story, I'd rather just delete these updates ot the docs altogether.
Lmk what you prefer.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmm, looks like we're not yet on the same page. Before just stepping back, let's discuss it more. I think it's important. If I miss something, I want to know it.
First of all, I watched https://www.youtube.com/watch?v=jVW-3lRzVT0. That was a great talk!
I watched "Sovereign Application" part at around 15:00 carefully and if I understand that part correctly, the Sovereign Application scenario still requires a gateway, right? As you said "they talk to the suppliers themselves" in the talk, they have their own program to submit relays, which is a gateway.
I guess you're calling only a delegated client "gateway". If so, "gateway" is just one usecase of "client" and we can't say "client, aka gateway". Whether it's delegated or not, a client is a program to submit relays. Actually I personally prefer calling it "relayer".
Anyway, the question is if "Sovereign Application" operator doesn't delegate the relayer part to anyone and opereates it themselves, is it recommended to use the same key for the Gateway and App? My answer is no.
To me, this question is almost the same as "can we use the same password for multiple services, like Amazon.com account and Google account?". The benefit from doing that is we can reduce the number of passwords to be managed, but of course the answer is "we can, but it's not recommended because it sacrifices security".
I think Application/Gateway has the same story.
In whatever scenario, a gateway program needs to access client private key to send a request. It needs to load the key in a raw format at some point. Access to application private key, on the other hand, is not required if they precreate an AAT. And if they do so, even if their server is hacked, application private key is safe. Good. If they use the same key for Client and Application, application private key is leaked when their client is hacked, and the staked tokens will be at stake really.
Maybe I'm getting paranoid to this. Probably the server will not be hacked. Managing less private keys is more beneficial. But if you recommend something, you need to clarify pros and cons, and explain why. Otherwise people cannot choose which fits their system "Application Key != Client Key" or "Application Key == Client Key" .
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The goal is to deprecate pocket-core
and focus on poktroll
, so I don't want to make a big deal out of this. This was a "side quest".
How about I just delete this part of the documentation to avoid confusion and paranoia?
👍?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We discussed in Discord and agreed:
- We should not bring Shannon concepts to this repo
- Client in v0 is not Gateway in Shannon
- Client pubkey may be the same as App pubkey, but it's not recommended in v0
doc/specs/cli/apps.md
Outdated
@@ -61,38 +61,31 @@ Transaction submitted with hash: <Transaction Hash> | |||
pocket apps create-aat <appAddr> <clientPubKey> | |||
``` | |||
|
|||
Creates a signed application authentication token \(version `0.0.1` of the AAT spec\), that can be embedded into | |||
application software for Relay servicing. Will prompt the user for the `<appAddr>` account passphrase. | |||
This CLI is hard-coded to generate an AAT with spec version 0.0.1. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please update this to match the actual command output.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This was the output. How should I update the docs?
pocket apps create-aat 0551ce49b10bd603c85b8de89434686efdbb9c7a aaa
2024/03/11 19:47:48 Initializing Pocket Datadir
2024/03/11 19:47:48 datadir = /Users/olshansky/.pocket
Enter passphrase:
{
"version": "0.0.1",
"app_pub_key": "1789ebc8b3a37ebb07b6a9bd8716f34a67004c61f2120a8c1f76560474d8e4f0",
"client_pub_key": "aaa",
"signature": "8f07d21bc90fe571fcc326d0ba281eb71f61ddc781abe8f125ebe27ea74a3a55c09f7e4c19744dc7488b362a022e767b0d4e57965c0461dfc97f11c0996d2101"
}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I mean the output of pocket apps create-aat --help
. We updated the text in app/cmd/cli/app.go, so this needs to match it.
## Description `Uncompressed Inline` section's `tar` command had a flag for gzip files even though that archive is uncompressed. This changes it to `tar -xv` instead so it doesn't error out. reviewpad:summary
doc/specs/cli/apps.md
Outdated
@@ -61,38 +61,31 @@ Transaction submitted with hash: <Transaction Hash> | |||
pocket apps create-aat <appAddr> <clientPubKey> | |||
``` | |||
|
|||
Creates a signed application authentication token \(version `0.0.1` of the AAT spec\), that can be embedded into | |||
application software for Relay servicing. Will prompt the user for the `<appAddr>` account passphrase. | |||
This CLI is hard-coded to generate an AAT with spec version 0.0.1. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I mean the output of pocket apps create-aat --help
. We updated the text in app/cmd/cli/app.go, so this needs to match it.
doc/specs/application-auth-token.md
Outdated
decomposed into two options: | ||
|
||
1. **Application Key != Client Key ** - Recommended for all Gateways. | ||
2. **Application Key == Client Key** - Recommended for independent Applications that are not Gateways. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmm, looks like we're not yet on the same page. Before just stepping back, let's discuss it more. I think it's important. If I miss something, I want to know it.
First of all, I watched https://www.youtube.com/watch?v=jVW-3lRzVT0. That was a great talk!
I watched "Sovereign Application" part at around 15:00 carefully and if I understand that part correctly, the Sovereign Application scenario still requires a gateway, right? As you said "they talk to the suppliers themselves" in the talk, they have their own program to submit relays, which is a gateway.
I guess you're calling only a delegated client "gateway". If so, "gateway" is just one usecase of "client" and we can't say "client, aka gateway". Whether it's delegated or not, a client is a program to submit relays. Actually I personally prefer calling it "relayer".
Anyway, the question is if "Sovereign Application" operator doesn't delegate the relayer part to anyone and opereates it themselves, is it recommended to use the same key for the Gateway and App? My answer is no.
To me, this question is almost the same as "can we use the same password for multiple services, like Amazon.com account and Google account?". The benefit from doing that is we can reduce the number of passwords to be managed, but of course the answer is "we can, but it's not recommended because it sacrifices security".
I think Application/Gateway has the same story.
In whatever scenario, a gateway program needs to access client private key to send a request. It needs to load the key in a raw format at some point. Access to application private key, on the other hand, is not required if they precreate an AAT. And if they do so, even if their server is hacked, application private key is safe. Good. If they use the same key for Client and Application, application private key is leaked when their client is hacked, and the staked tokens will be at stake really.
Maybe I'm getting paranoid to this. Probably the server will not be hacked. Managing less private keys is more beneficial. But if you recommend something, you need to clarify pros and cons, and explain why. Otherwise people cannot choose which fits their system "Application Key != Client Key" or "Application Key == Client Key" .
## Description reviewpad:summary
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry for taking long. Thanks!
This PR is the result of reviewing the codebase to answer AAT-related questions
for the backend & infra teams at grove. As a result, the following changes were made:
General quality-of-life improvements for documentation, comments and code health.