SEP: 0020
Title: Self-verification of validator nodes
Author: Johan Stén <johan@futuretense.io>
Track: Standard
Status: Active
Created: 2018-05-06
Discussion: https://github.com/stellar/stellar-protocol/issues/111
Using Stellar accounts to link validator nodes to the entities operating them.
SCP depends on knowing the identies of the nodes you add in your quorum slice and thus choose to listen to. When discovering or verifying validators in the Stellar network it is useful to have a clear link between the nodes and their identity in the wider internet.
So who do you listen to? And how do you know what nodes belong to them?
Just as Stellar uses federation for anchors, and federated address lookups, we suggest using the same mechanics for a baseline level of verification of validator nodes.
There is currently no standard way for publishing node metadata. We need better scalability, better discoverability, more decentralization, better information quality.
- Create an account for the validator node you operate
- Set the account homedomain to your website
- Create a stellar.toml file in
/.well-known
on the website server - Add your validator node to the stellar.toml file
This creates a two-way link between the node and the website of the operating entity, uniquely identifying it.
SEP-0001 specificies how to add validator information to your stellar.toml. The basic idea: for each validator you run, add a [[VALIDATORS]]
table, and provide information about that validator in the table.
At a minimum, you need to complete the PUBLIC_KEY
field, though completing all fields improves discoverability. If your node publishes an archive, add its location in the HISTORY
field so that other validators know where to find it.
const userKeys = StellarSdk.Keypair.fromSecret(...);
// validator node NODE_SEED
const nodeKeys = StellarSdk.Keypair.fromSecret(...);
const nodeId = nodeKeys.publicKey();
// the
const homeDomain = '...';
const account = await server.loadAccount(userKeys.publicKey());
const tx = new StellarSdk.TransactionBuilder(account, {fee: 100})
.addOperation(StellarSdk.Operation.createAccount({
destination: nodeId,
startingBalance: '1'
}))
.addOperation(StellarSdk.Operation.setOptions({
source: nodeId,
homeDomain: homeDomain
}))
.setTimeout(0)
.build();
tx.sign(userKeys);
tx.sign(nodeKeys);
const result = await server.submitTransaction(tx);
MacBook-Pro:~ Johan$ curl https://horizon.stellar.org/accounts/GCGB2S2KGYARPVIA37HYZXVRM2YZUEXA6S33ZU5BUDC6THSB62LZSTYH
{
...
"id": "GCGB2S2KGYARPVIA37HYZXVRM2YZUEXA6S33ZU5BUDC6THSB62LZSTYH",
...
"home_domain": "www.stellar.org",
...
}
MacBook-Pro:~ Johan$ curl https://www.stellar.org/.well-known/stellar.toml
...
[[VALIDATORS]]
ALIAS="sdf1"
DISPLAY_NAME="SDF 1"
HOST="core-live-a.stellar.org:11625"
PUBLIC_KEY="GCGB2S2KGYARPVIA37HYZXVRM2YZUEXA6S33ZU5BUDC6THSB62LZSTYH"
HISTORY="http://history.stellar.org/prd/core-live/core_live_001/"
[[VALIDATORS]]
ALIAS="sdf2"
DISPLAY_NAME="SDF 2"
HOST="core-live-b.stellar.org:11625"
PUBLIC_KEY="GCM6QMP3DLRPTAZW2UZPCPX2LF3SXWXKPMP3GKFZBDSF3QZGV2G5QSTK"
HISTORY="http://history.stellar.org/prd/core-live/core_live_002/"
[[VALIDATORS]]
ALIAS="sdf3"
DISPLAY_NAME="SDF 3"
HOST="core-live-c.stellar.org:11625"
PUBLIC_KEY="GABMKJM6I25XI4K7U6XWMULOUQIQ27BCTMLS6BYYSOWKTBUXVRJSXHYQ"
HISTORY="http://history.stellar.org/prd/core-live/core_live_003/"
...
Federation is well-established as a building block for protocols built on Stellar.
Validator nodes have keypairs and are already using public keys as their identity, so it's not much of a stretch to add accounts into the mix, in order to start using reverse federation as a means of looking up metadata associated with a specific validator node.
With a validator node account linked to a homedomain stellar.toml file like suggested, we're really relying on the integrity of the stellar.toml file and the server it resides on, making sure it only has write access by authorized users.
Additional security measures that could be taken include signing the stellar.toml file with the validator key(s), and serving in a file next to the stellar.toml file.
Another thing might be to add DKIF2-style protection, and sign the stellar.toml file with a private key unrelated to the validator node(s), and publish the public key in the DNS response.
These are most likely the topic of a SEP by themselves.
1) https://github.com/stellar/stellar-protocol/blob/master/ecosystem/sep-0001.md
2) stellar#80