DIP196
TitleOn-chain Network Identity
AuthorGreg Nazario (@gregnazario)
StatusDraft
TypeInformational
Created07/06/2021

Summary#

Dip-6 defines a method for downstream nodes to learn about validator full nodes and gain access to the Diem network. In turn, validator full nodes would benefit by being able to distinguish known nodes from unknown nodes. This DIP describes the ability for node operators to self register their network identity on-chain, and allow other nodes to lookup this data for discovery of other nodes. An example use case is the ability for validator node operators to provide privileged clients prioritized access to validator full nodes. Validator full nodes can subscribe to an event stream to learn about changes and determine which nodes to prioritize.

Specification#

On-chain Network Identity Format#

The identities shall be a vector of BCS encoded NetworkIdentity objects. However, the vector shall be a set, and any duplicates will be ignored.

{
identities: vector<vector<u8>>,
}

The NetworkIdentity struct shall be a tuple of peer_id and a x25519 public_key that represents the identity for a single node.

{
peer_id: <account_address>,
public_key: <base64 encoded x25519 public key>,
}

Updating Network Identity - operator#

The NetworkIdentity for an account shall be updated by only the operator of the account. At this point, the consumers of this identity must update their local use of identity within a reasonable amount of time.

Consuming Network Identity#

Consumers of NetworkIdentity may keep track of a list of accounts to watch. The consumers then can watch the event streams of each account's NetworkIdentity for updates and update accordingly.

struct NetworkIdentityChangeNotification {
account: address,
identities: vector<vector<u8>>,
time_rotated_seconds: u64,
}
struct Identity {
peer_id: PeerId,
public_keys: Vec<x25519::PublicKey>,
}

Backwards Compatibility#

As this only applies to discovery of future nodes, there are no concerns for backwards compatibility. The onchain identity for VFNs work with already existing prioritzation in connection limiting for the network. Additionally, rate limiting can use this information for prioritization.

Copyright Notice#

This documentation is made available under the Creative Commons Attribution 4.0 International (CC BY 4.0) license (available at https://creativecommons.org/licenses/by/4.0/).