Skip to content

Adding FLIP 332:Enforcing Domain-Based Networking Addresses for Nodes #333

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
vishalchangrani merged 6 commits into from
Jun 23, 2025
Merged

Adding FLIP 332:Enforcing Domain-Based Networking Addresses for Nodes #333

vishalchangrani merged 6 commits into from
Jun 23, 2025

Conversation

@vishalchangrani
Copy link
Contributor

@vishalchangrani vishalchangrani commented Jun 20, 2025
edited
Loading

Flip Issue: #332

Comment Period: 2 weeks (June 19th to June 3rd July)

@vishalchangrani vishalchangrani self-assigned this Jun 20, 2025
@vishalchangrani vishalchangrani added the flip: protocol Protocol FLIP label Jun 20, 2025
This was referenced Jun 20, 2025
Open
Merged
@bluesign
Copy link
Collaborator

bluesign commented Jun 20, 2025

This is very convenient to have for sure, but think also need to think security side of things; slashing, routing etc. But maybe as we probably allow and suggest domain names already, those considerations are already done.

@vishalchangrani vishalchangrani moved this to Proposed in FLIPs Tracker Jun 20, 2025
@vishalchangrani
Copy link
Contributor Author

vishalchangrani commented Jun 20, 2025

This is very convenient to have for sure, but think also need to think security side of things; slashing, routing etc. But maybe as we probably allow and suggest domain names already, those considerations are already done.

Hi @bluesign - do you mean slashing if someone stakes with an IP address?

@bluesign
Copy link
Collaborator

bluesign commented Jun 20, 2025
edited
Loading

hmm we are adding another layer of direction, maybe that can lead to some slashing/routing problems.

imagine you are sending message to me ( node A to node B ) if I set my network address as your network address, maybe it can lead to some problems for example.

also for example DNS does not propagate ( or at least cached for different durations ) if I move my node, some of the peers can resolve my old address while some resolving new. ( not sure running 2 node with same key possible )

it basically creates some attack / bug surface for sure, but not sure how deep it is. ( I am not that well versed in flow-go )

joshuahannan
joshuahannan approved these changes Jun 20, 2025
View reviewed changes
Copy link
Member

@joshuahannan joshuahannan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems like a good idea to me! Just FYI, we already have a construct in the contract make sure that once a networking address has been used, it cannot be used again, so we don't need to worry about people setting their network address to the same as someone else

protocol/20250619-network-address-validation.md Outdated
Comment on lines 3 to 6
flip: NNN (set to the issue number)
authors: My Name (me@example.org), AN Other (you@example.org)
sponsor: AN Expert (core-contributor@example.org)
updated: YYYY-MM-DD
Copy link
Member

@joshuahannan joshuahannan Jun 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Still have the placeholders here

Copy link
Contributor Author

@vishalchangrani vishalchangrani Jun 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed it.

@bjartek
Copy link
Contributor

bjartek commented Jun 20, 2025

Hou should probably mention what port that this is. IE what role it has for the node.

@bluesign
Copy link
Collaborator

bluesign commented Jun 20, 2025
edited
Loading

Just FYI, we already have a construct in the contract make sure that once a networking address has been used, it cannot be used again, so we don't need to worry about people setting their network address to the same as someone else

Yeah that was my point: like dnz.dev today can point to 1.1.1.1, but tomorrow I can point it to where dappernode.com pointing etc

but probably it is not problematic yet, as we have verified nodes for roles and trust.

@vishalchangrani
Copy link
Contributor Author

vishalchangrani commented Jun 20, 2025

Hou should probably mention what port that this is. IE what role it has for the node.

added a line about the port here under Background.

@vishalchangrani
Copy link
Contributor Author

vishalchangrani commented Jun 20, 2025

Just FYI, we already have a construct in the contract make sure that once a networking address has been used, it cannot be used again, so we don't need to worry about people setting their network address to the same as someone else

Yeah that was my point: like dnz.dev today can point to 1.1.1.1, but tomorrow I can point it to where dappernode.com pointing etc

but probably it is not problematic yet, as we have verified nodes for roles and trust.

That is a fair point but that is part of the larger protocol autonomy initiative to make the network more secure against byzantine nodes.

@vishalchangrani vishalchangrani merged commit 836997e into main Jun 23, 2025
@vishalchangrani vishalchangrani deleted the vishal/FLIP_332_networking_address_validation branch June 23, 2025 04:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@joshuahannan joshuahannan joshuahannan approved these changes

Assignees

@vishalchangrani vishalchangrani

Labels

flip: protocol Protocol FLIP

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@vishalchangrani @bluesign @bjartek @joshuahannan