Closed jakubtrnka closed 1 year ago
Btw, note that there is a typo in the sect. 3 of the spec.
+----------------+-------------+---------------------------------------------------------------------------------------+
| Protocol Type | Byte Length | Description |
+----------------+-------------+---------------------------------------------------------------------------------------+
should actually be
+----------------+-------------+---------------------------------------------------------------------------------------+
| Field name | Byte Length | Description |
+----------------+-------------+---------------------------------------------------------------------------------------+
or similar
I think this would improve the Sv2 protocol. I guess that Sv2 do not require encryption on local networks in order to have less complex mining device. I don't think this is a good enough reason to nack this proposal but I would like to hear someone else opinion on it.
About SRI specific pro e cons, implement this proposal will likely make the codebase less complex but some refactor will be needed because that and because it do not make sense to go with the first release without this improvement is very likely that we must delay first release. Again I do not think that this is a good enough reason to nack this proposal.
Below sentence is not true I guess:
Moreover no implementation currently exists that is able to parse sv2-messages longer than 65535 bytes
Below sentence is not true I guess:
My apology. You guys did better job than I thought. I've got a TODO in my code for that case for almost two years, lol.
Regarding the insecure mode - that was rather a side-note. Let's keep the insecure mode as an option, for now.
Main question was whether the proposed framing and encryption format would be something we agree on.
Main question was whether the proposed framing and encryption format would be something we agree on.
for me yes
This one was done in #40
Summary
Currently suggested framing of the stratum-v2 protocol with noise-security layer is sub-optimal.
First, plaintext stratum-v2 messages are framed as follows https://github.com/stratum-mining/sv2-spec/blob/main/03-Protocol-Overview.md#32-framing
That is, we have 6-bytes header followed some specific number of bytes of payload.
This in itself is fine.
Now, the encryption layer is applied where the serialized stratum-message is encrypted with AEAD cipher and framed again using
B0_64
primitive. https://github.com/stratum-mining/sv2-spec/blob/main/04-Protocol-Security.md#456-transport-message-encryption-and-formatWhy is this bad?
B0_64
contains two-byte length prefix which is sent in clear-text and is not even protected by the cryptographic MAC of the encryption scheme.Using the handshake protocol to establish secured communication is optional on the local network
. I think this is bad as well. There is no real benefit in using plaintext stratum-v2, because the binary protocol is not human readable anyways. For debugging purposes, noise-proxy can be used or session keys can be dumped and stream decrypted, similarly asSSLKEYLOGFILE
is used for debugging TLS connections. Therefore, in my opinion the standard SHOULD NOT allow using an insecure stratum-v2.Due to the last point it is quite difficult and unnecessarily complex to work with large stratum messages (note that Stratum-v2 frames may be up to 224 bytes long, while noise-frames only 216 - 1 bytes long. Moreover no implementation currently exists that is able to parse sv2-messages longer than 65535 bytes (including header), so currently supported use-cases doesn't even need the length-field in the stratum-v2 message (I'm not sure if anybody is interested in implementing the full-generic case for arbitrarily-long messages).
Proposed solution:
Make the security an integral part of stratum framing as follows:
hdr
hdr.pld_length
bytes as a payloadDecryptWithAd
call