To further lock down the nodes, it should be possible to define which nodes are allowed to connect. This can be a simple extension of the Server structure with something like:
AllowNodes([]network.ServerIdentityID)
Whenever a new block is accepted by the byzcoin service, it would call this method with the latest roster.
The AllowRoster should limit both incoming and outgoing connections to be restricted to the set given in AllowNodes.
An environmental variable can be used to switch between the behaviour before AllowNodes is called:
locked - nothing allowed
open - everybody can connect
xxxx:xxxx:.... - a list of ServerIdentityIDs allowed to connect
To further lock down the nodes, it should be possible to define which nodes are allowed to connect. This can be a simple extension of the
Server
structure with something like:AllowNodes([]network.ServerIdentityID)
Whenever a new block is accepted by the byzcoin service, it would call this method with the latest roster.
The
AllowRoster
should limit both incoming and outgoing connections to be restricted to the set given inAllowNodes
.An environmental variable can be used to switch between the behaviour before
AllowNodes
is called:locked
- nothing allowedopen
- everybody can connectxxxx:xxxx:....
- a list of ServerIdentityIDs allowed to connect