Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Docs] AAT related comments & documentation improvements #1598

Merged
merged 10 commits into from
Mar 13, 2024

Conversation

Olshansk
Copy link
Member

@Olshansk Olshansk commented Feb 7, 2024

This PR is the result of reviewing the codebase to answer AAT-related questions
for the backend & infra teams at grove. As a result, the following changes were made:

  • Reformat (automatically) a handful of files using goimports-reviser
  • Update comments in some parts of the source code related to AATs
  • Update the documentation related to generating and using AATs
  • Build a reference upon which the foundation will update the official documentation at pokt-network/docs-v2

General quality-of-life improvements for documentation, comments and code health.

@Olshansk Olshansk changed the title [DRAFT] Improve comments & naming [Documentation] Improve comments & naming Feb 8, 2024
@Olshansk Olshansk self-assigned this Feb 8, 2024
@Olshansk Olshansk marked this pull request as ready for review February 8, 2024 21:20
app/util.go Outdated Show resolved Hide resolved
Copy link

@adshmh adshmh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for sharing the PR, it is very helpful in showing how AATs work.
One extra suggestion: would be great if we could reference several of the files that are touched here in a list of docs/code to look at to learn how the relays and proofs work.

doc/specs/application-auth-token.md Outdated Show resolved Hide resolved
doc/specs/application-auth-token.md Outdated Show resolved Hide resolved
doc/specs/application-auth-token.md Outdated Show resolved Hide resolved
doc/specs/application-auth-token.md Outdated Show resolved Hide resolved
doc/specs/application-auth-token.md Outdated Show resolved Hide resolved
doc/specs/application-auth-token.md Outdated Show resolved Hide resolved
x/pocketcore/keeper/aat.go Outdated Show resolved Hide resolved
Copy link

@commoddity commoddity left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agree with @adshmh here; this is great improvement in clarity and providing context. Thanks a lot.

@Olshansk
Copy link
Member Author

Olshansk commented Feb 13, 2024

@adshmh

One extra suggestion: would be great if we could reference several of the files that are touched here in a list of docs/code to look at to learn how the relays and proofs work.

Would you be open to tackle this one yourself?

Copy link
Contributor

@msmania msmania left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the main purpose of this PR is to add description about AAT rather than general documentation improvement. Can you update the PR description?

  • This PR contains redundant descriptions. Can you put the most detailed description in .md file under doc/specs or in https://github.com/pokt-network/docs-v2, and make other places refer to it? Code comments should be kept simple.
  • I see some comments are not necessary because they're just rephrasing a code.
  • Regarding AAT, I know PNF or Grove are introducing a new term "Gateway" to call what is used to be called "Client". Having a comment like "(a.k.a gatewayPubKey)" everywhere is confusing. In v0 code, can we just keep using clientPubKey? Since it's defined as clientPubKey in the code, it's just clientPubKey.
  • You emphasize "appPubKey and clientPubKey may or may not be the same", but I think it's not that important. It's ok to say it in application-auth-token.md as a note, but not as code comments.

app/cmd/cli/app.go Show resolved Hide resolved
app/cmd/cli/app.go Outdated Show resolved Hide resolved
app/cmd/rpc/client.go Show resolved Hide resolved
app/cmd/rpc/client.go Outdated Show resolved Hide resolved
app/query.go Outdated Show resolved Hide resolved
x/pocketcore/types/crypto.go Show resolved Hide resolved
x/pocketcore/types/proof.go Outdated Show resolved Hide resolved
doc/specs/application-auth-token.md Show resolved Hide resolved
doc/specs/application-auth-token.md Outdated Show resolved Hide resolved
doc/specs/application-auth-token.md Outdated Show resolved Hide resolved
@Olshansk Olshansk changed the title [Documentation] Improve comments & naming [Docs] AAT related comments & documentation improvements Feb 16, 2024
@Olshansk Olshansk added this to the Network Quality of Life milestone Feb 16, 2024
app/cmd/cli/app.go Outdated Show resolved Hide resolved
x/pocketcore/types/proof.go Outdated Show resolved Hide resolved
x/pocketcore/types/proof.go Show resolved Hide resolved
x/pocketcore/types/crypto.go Show resolved Hide resolved
x/pocketcore/types/aat.go Show resolved Hide resolved
x/pocketcore/keeper/aat.go Outdated Show resolved Hide resolved
x/pocketcore/keeper/aat.go Show resolved Hide resolved
x/pocketcore/keeper/aat.go Show resolved Hide resolved
app/cmd/cli/app.go Show resolved Hide resolved
app/cmd/cli/app.go Show resolved Hide resolved
@POKT-Discourse
Copy link

This pull request has been mentioned on Pocket Network Forum. There might be relevant details there:

https://forum.pokt.network/t/block-sizes-claims-and-proofs-in-the-multi-gateway-era/5060/9

@Olshansk
Copy link
Member Author

Olshansk commented Mar 4, 2024

@msmania @kutoft @ezeike @nodiesBlade @commoddity @adshmh Wanted to bump this PR. PTAL when you have a chance.

app/cmd/cli/app.go Show resolved Hide resolved
app/cmd/cli/app.go Outdated Show resolved Hide resolved
app/util.go Outdated Show resolved Hide resolved
doc/specs/application-auth-token.md Outdated Show resolved Hide resolved
doc/specs/application-auth-token.md Outdated Show resolved Hide resolved
doc/specs/application-auth-token.md Outdated Show resolved Hide resolved
doc/specs/application-auth-token.md Outdated Show resolved Hide resolved
doc/specs/cli/apps.md Outdated Show resolved Hide resolved
doc/specs/cli/apps.md Outdated Show resolved Hide resolved
x/pocketcore/keeper/proof.go Outdated Show resolved Hide resolved
@Olshansk Olshansk force-pushed the comment_and_name_improvements branch from 5c7c13b to 0054870 Compare March 7, 2024 22:18
@Olshansk Olshansk requested a review from msmania March 7, 2024 22:18
app/util.go Outdated Show resolved Hide resolved
x/apps/keeper/querier_test.go Show resolved Hide resolved
doc/specs/application-auth-token.md Outdated Show resolved Hide resolved
decomposed into two options:

1. **Application Key != Client Key ** - Recommended for all Gateways.
2. **Application Key == Client Key** - Recommended for independent Applications that are not Gateways.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This part is still confusing to me. Having "Recommended for all Gateways" and "Recommended for independent Applications that are not Gateways" in the same list doesn't sound right. The first item says "for gateways" while the second item says "for Applications", but these are two different concepts. Application is not Gateway.

I think it's fair to say we create AAT for gateways because a gateway (aka client, relayer) is a program to use AAT. Then the second case confuses me. Do you mean there is a situation where we can use AAT without any gateways? Can you elaborate that case a little bit more?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You should watch my talk! https://www.youtube.com/watch?v=jVW-3lRzVT0&t=1s

Docs also updated.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I added this:

_Note: Please note that option 2 is only shown for theoretical purposes. Due to
the scaling limitations of Morse (v0) implemented in `pocket-core`, Gateways
have to be used. The original design / intention of Pocket, and how Shannon (v1)
will operate is support both modes._

If this is not enough and you want me to write out the whole story, I'd rather just delete these updates ot the docs altogether.

Lmk what you prefer.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm, looks like we're not yet on the same page. Before just stepping back, let's discuss it more. I think it's important. If I miss something, I want to know it.

First of all, I watched https://www.youtube.com/watch?v=jVW-3lRzVT0. That was a great talk!

I watched "Sovereign Application" part at around 15:00 carefully and if I understand that part correctly, the Sovereign Application scenario still requires a gateway, right? As you said "they talk to the suppliers themselves" in the talk, they have their own program to submit relays, which is a gateway.

I guess you're calling only a delegated client "gateway". If so, "gateway" is just one usecase of "client" and we can't say "client, aka gateway". Whether it's delegated or not, a client is a program to submit relays. Actually I personally prefer calling it "relayer".

Anyway, the question is if "Sovereign Application" operator doesn't delegate the relayer part to anyone and opereates it themselves, is it recommended to use the same key for the Gateway and App? My answer is no.

To me, this question is almost the same as "can we use the same password for multiple services, like Amazon.com account and Google account?". The benefit from doing that is we can reduce the number of passwords to be managed, but of course the answer is "we can, but it's not recommended because it sacrifices security".

I think Application/Gateway has the same story.

In whatever scenario, a gateway program needs to access client private key to send a request. It needs to load the key in a raw format at some point. Access to application private key, on the other hand, is not required if they precreate an AAT. And if they do so, even if their server is hacked, application private key is safe. Good. If they use the same key for Client and Application, application private key is leaked when their client is hacked, and the staked tokens will be at stake really.

Maybe I'm getting paranoid to this. Probably the server will not be hacked. Managing less private keys is more beneficial. But if you recommend something, you need to clarify pros and cons, and explain why. Otherwise people cannot choose which fits their system "Application Key != Client Key" or "Application Key == Client Key" .

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The goal is to deprecate pocket-core and focus on poktroll, so I don't want to make a big deal out of this. This was a "side quest".

How about I just delete this part of the documentation to avoid confusion and paranoia?
👍?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We discussed in Discord and agreed:

  • We should not bring Shannon concepts to this repo
  • Client in v0 is not Gateway in Shannon
  • Client pubkey may be the same as App pubkey, but it's not recommended in v0

@@ -61,38 +61,31 @@ Transaction submitted with hash: <Transaction Hash>
pocket apps create-aat <appAddr> <clientPubKey>
```

Creates a signed application authentication token \(version `0.0.1` of the AAT spec\), that can be embedded into
application software for Relay servicing. Will prompt the user for the `<appAddr>` account passphrase.
This CLI is hard-coded to generate an AAT with spec version 0.0.1.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please update this to match the actual command output.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This was the output. How should I update the docs?

 pocket apps create-aat 0551ce49b10bd603c85b8de89434686efdbb9c7a aaa
2024/03/11 19:47:48 Initializing Pocket Datadir
2024/03/11 19:47:48 datadir = /Users/olshansky/.pocket
Enter passphrase:
{
  "version": "0.0.1",
  "app_pub_key": "1789ebc8b3a37ebb07b6a9bd8716f34a67004c61f2120a8c1f76560474d8e4f0",
  "client_pub_key": "aaa",
  "signature": "8f07d21bc90fe571fcc326d0ba281eb71f61ddc781abe8f125ebe27ea74a3a55c09f7e4c19744dc7488b362a022e767b0d4e57965c0461dfc97f11c0996d2101"
}

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I mean the output of pocket apps create-aat --help. We updated the text in app/cmd/cli/app.go, so this needs to match it.

0xThresh and others added 3 commits March 11, 2024 19:42
## Description
`Uncompressed Inline` section's `tar` command had a flag for gzip files
even though that archive is uncompressed. This changes it to `tar -xv`
instead so it doesn't error out.

reviewpad:summary
@Olshansk Olshansk requested a review from msmania March 12, 2024 02:53
@@ -61,38 +61,31 @@ Transaction submitted with hash: <Transaction Hash>
pocket apps create-aat <appAddr> <clientPubKey>
```

Creates a signed application authentication token \(version `0.0.1` of the AAT spec\), that can be embedded into
application software for Relay servicing. Will prompt the user for the `<appAddr>` account passphrase.
This CLI is hard-coded to generate an AAT with spec version 0.0.1.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I mean the output of pocket apps create-aat --help. We updated the text in app/cmd/cli/app.go, so this needs to match it.

decomposed into two options:

1. **Application Key != Client Key ** - Recommended for all Gateways.
2. **Application Key == Client Key** - Recommended for independent Applications that are not Gateways.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm, looks like we're not yet on the same page. Before just stepping back, let's discuss it more. I think it's important. If I miss something, I want to know it.

First of all, I watched https://www.youtube.com/watch?v=jVW-3lRzVT0. That was a great talk!

I watched "Sovereign Application" part at around 15:00 carefully and if I understand that part correctly, the Sovereign Application scenario still requires a gateway, right? As you said "they talk to the suppliers themselves" in the talk, they have their own program to submit relays, which is a gateway.

I guess you're calling only a delegated client "gateway". If so, "gateway" is just one usecase of "client" and we can't say "client, aka gateway". Whether it's delegated or not, a client is a program to submit relays. Actually I personally prefer calling it "relayer".

Anyway, the question is if "Sovereign Application" operator doesn't delegate the relayer part to anyone and opereates it themselves, is it recommended to use the same key for the Gateway and App? My answer is no.

To me, this question is almost the same as "can we use the same password for multiple services, like Amazon.com account and Google account?". The benefit from doing that is we can reduce the number of passwords to be managed, but of course the answer is "we can, but it's not recommended because it sacrifices security".

I think Application/Gateway has the same story.

In whatever scenario, a gateway program needs to access client private key to send a request. It needs to load the key in a raw format at some point. Access to application private key, on the other hand, is not required if they precreate an AAT. And if they do so, even if their server is hacked, application private key is safe. Good. If they use the same key for Client and Application, application private key is leaked when their client is hacked, and the staked tokens will be at stake really.

Maybe I'm getting paranoid to this. Probably the server will not be hacked. Managing less private keys is more beneficial. But if you recommend something, you need to clarify pros and cons, and explain why. Otherwise people cannot choose which fits their system "Application Key != Client Key" or "Application Key == Client Key" .

x/apps/keeper/querier_test.go Show resolved Hide resolved
Copy link
Contributor

@msmania msmania left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry for taking long. Thanks!

@Olshansk Olshansk merged commit 93592fa into staging Mar 13, 2024
4 checks passed
@Olshansk Olshansk deleted the comment_and_name_improvements branch March 13, 2024 00:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
Status: In Progress
Development

Successfully merging this pull request may close these issues.

6 participants