Authority-discovery should be performed only by sentries

[tomaka]

At the moment, validators publish the authority-discovery-related DHT records themselves. This is necessary because these records are signed with a key known to the validator only.

However, this reveals the validator's IP address.

Instead, the validator should send this signed record to its sentry nodes, and it's the sentry nodes that should perform the publication.

[tomaka]

As long as this isn't tackled, sentry nodes don't provide much protection.
An attacker can generate a network identity close to a certain validator ID, connect to the network, and the validator will sooner or later establish a TCP connection to that attacker.

[burdges]

Yes. sentry nodes would imply the validator never even opens connections with anybody besides their sentries.

[tomaka]

Additionally, the validator should not perform the get_value calls either. Instead, it's the sentry that would have to do it and pass the results to its validator.

[tomaka]

I believe that the solution is to add two small request-reponse protocols:

• One for sentries to periodically query the records to publish on the DHT.
• One for sentries to periodically (every 10mn) report the list of validators that they have discovered through the DHT.

It should be quite easy to do that after #6634 is merged.

[tomaka]

Would be obsolete after #6762

[tomaka]

Closing as obsolete.