JWT Auth #52
Comments
|
Ok, so if I'm following the changes in this repo correctly, with #53 being merged, the idea is to completely remove mev-boost <> local execution engine communication? If that's the case then it seems fine not to worry about JWT with mev-boost because the purpose of JWT as I understand it is to make sure only a trusted CL controls the forkchoice of an execution engine. And the |
|
@realbigsean I think mev-boost will still need to deal with JWT. Lighthouse does not support unauthenticated communication with EL any longer, so if users want mev-boost to drive it, there will need to be support for authenticated communication. |
|
Thanks for the response @lightclient ! That's what I was thinking when I opened this issue. But all the calls from mev-boost to the execution layer were removed here, so mev-boost won't drive any communication to a local execution layer. I think limiting mev-boost's role to only payload construction (and not payload verification) is good, which that PR achieves. The updates to the diagram here I think make the changes clear: https://github.com/flashbots/mev-boost/pull/57/files The |
|
Right, my mistake. Thanks for the correction. In that case, it does seem like authenticating the API is unnecessary as it can't be used to i) disrupt the fork choice or ii) cause the client to sign a block from an untrusted builder. |
|
|
|
I don't think it is. |
|
Closing this for now. Let's reopen if needed 🙏 |
How will MEV-boost handle auth for CL<>EL communication? https://github.com/ethereum/execution-apis/blob/main/src/engine/authentication.md
Seems like most requests could just be forwarded, but
engine_forkchoiceUpdatedV1will need to be sent to the relay. So I think MEV-boost will need to accept ajwt-secretto let it decryptengine_forkchoiceUpdatedV1before sending it to the relay.The text was updated successfully, but these errors were encountered: