Closed by bkchr 5 months ago
In this RFC, all session keys first acknowledge their controller key by signing it, after which their controller key certifies them. Yes, we do obtain the desired back certificates this way, but I'd envisioned doing this in part the other way round, plus adding a master session key.
It'd look like this:
(subordinate_session_key,its_signature_on_grandpa_key)
In emergencies, a command line option could override 7, and maybe this could happen automatically, but usually 7 prevents nodes from being slashed for operator error.
In this, 1-2 have the same orientation as proposed here, but 3-4 have the reversed orientation. We must check a two-step certificate chain, including two back certificates, before believing a session key, but this should be rare enough that it does not matter. Our nonce in 4 could be some ephemeral key like maybe the transport layer key.
Anyways..
If there is a pressing need to do something simpler first then fine, and validator operators rarely get slashed for equivocations these days, maybe they get 0% slashed or we refund them, but it's maybe worth defending against the equivocations footgun like this. A master session key permits changing session keys without impacting user experience for validator operators, and consolidates the nonce lock under one session key, but this could be done without the master session key.
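The certification order described in the first sentence of the comment above (session keys sign the controller key, then the controller key certifies them), as an added sketch that is not code from the RFC or from Polkadot. It swaps in hash-based Lamport one-time signatures so that it runs on the Python standard library alone; the function names and the `ack:`/`cert:` domain tags are assumptions.

```python
import hashlib, secrets

def H(b):
    return hashlib.sha256(b).digest()

def keygen():
    # Lamport one-time key pair (stand-in scheme, not what Polkadot uses).
    sk = [[secrets.token_bytes(32) for _ in range(2)] for _ in range(256)]
    return sk, b"".join(H(s) for pair in sk for s in pair)

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    # Reveal one secret per digest bit; each key must sign only once.
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(sig[i]) == pk[64 * i + 32 * b: 64 * i + 32 * b + 32]
        for i, b in enumerate(bits(msg)))

def prove_ownership(session_sk, controller_pk):
    # Step 1: the session key acknowledges its controller by signing it.
    return sign(session_sk, b"ack:" + controller_pk)

def certify(controller_sk, session_pks):
    # Step 2: the controller key certifies the set of session keys.
    return sign(controller_sk, b"cert:" + b"".join(session_pks))

def accept(controller_pk, session_pks, proofs, cert):
    # Both directions must verify before the session keys are believed.
    if len(proofs) != len(session_pks):
        return False
    if not verify(controller_pk, b"cert:" + b"".join(session_pks), cert):
        return False
    return all(verify(pk, b"ack:" + controller_pk, p)
               for pk, p in zip(session_pks, proofs))

def demo():
    alice_sk, alice_pk = keygen()            # constructed controller keys
    mallory_sk, mallory_pk = keygen()
    sessions = [keygen() for _ in range(2)]  # constructed session keys
    pks = [pk for _, pk in sessions]
    proofs = [prove_ownership(sk, alice_pk) for sk, _ in sessions]
    honest = accept(alice_pk, pks, proofs, certify(alice_sk, pks))
    # Mallory certifies Alice's session keys but cannot produce their proofs.
    stolen = accept(mallory_pk, pks, proofs, certify(mallory_sk, pks))
    return honest, stolen
```

`demo()` returns `(True, False)`: a controller can certify any public key it has seen, so the session key's signature over the controller key is what binds the two.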
/rfc propose
Hey @bkchr, here is a link you can use to create the referendum aiming to approve this RFC number 0048.
It is based on commit hash adb59579ee424853a3174740b65e991a2a8d31aa.
The proposed remark text is: RFC_APPROVE(0048,2c5d27eb220a205e0c6634379a4a9cf6b6208362de7eb22660305f5dcfef7ab3).
We'd reduce slashing risks considerably if we handle this like I proposed above: https://github.com/polkadot-fellows/RFCs/pull/48#issuecomment-1809483250
Voting for this referendum is ongoing.
Vote for it here
PR can be merged.
Write the following command to trigger the bot
/rfc process 0x34f2bcbf3ef8b5ef7d7ab74cef6d391c1f6aee227daa5a67108f9e9c8ffd00aa
/rfc process 0x34f2bcbf3ef8b5ef7d7ab74cef6d391c1f6aee227daa5a67108f9e9c8ffd00aa
The on-chain referendum has approved the RFC.
This RFC changes the SessionKeys runtime API to support generating a proof of ownership of the generated session keys.