Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Minor updates to the design spec sections on pool metadata #1507

Merged
merged 2 commits into from
Jun 5, 2020
Merged

Minor updates to the design spec sections on pool metadata #1507

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
e061e1d
Minor updates to the design spec sections on pool metadata
dcoutts Jun 1, 2020
73393a5
Clarify stake pool metadata overall sizes
dcoutts Jun 1, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
44 changes: 20 additions & 24 deletions shelley/design-spec/delegation_design_spec.tex
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1213,6 +1213,10 @@ \subsubsection{Stake Pool Registration Certificates}
pool: cost, margin, and amount of stake pledged to the pool by the
owner(s), see \cref{stake-pool-registration,reminder-stake-pool-registration}.

\item
A list of IP addresses and/or DNS Names of public relay nodes that the stake
pool operator provides to support the Cardano network.

\item
Optionally, a URL and content hash for additional metadata about the pool, for
display in the wallet. The URL is restricted to a length of 64 bytes. It is
Expand Down Expand Up @@ -2387,55 +2391,47 @@ \subsection{Stake Pool Registration}
\subsection{Stake Pool Metadata}
\label{stake-pool-metadata}

The stake pool registration certificate can contain a URL (up to 64 bytes),
pointing to a JSON object with the following content:
The stake pool registration certificate
(see \cref{stake-pool-registration-certificates}) optionally contains a content
hash and a URL (up to 64 bytes), pointing to a JSON object with the following
content:

\begin{description}
\item[A Ticker]
of 3-5 characters, for a compact display of stake pools in a
wallet.
\item[A Title/Name]
\item[A Name]
of up to 50 characters.
\item[A Short Textual Description]
of up to 255 characters.
\item[A URL]
to a homepage with additional information about the pool.
\item[A list of IP addresses and/or Domain Names]
of public relay nodes that the stake pool operator provides to contribute to
the Cardano network.
\item[A set of tags,]
keywords that can be used to filter stake pools in the wallet UI. For example,
a stake pool that gives their rewards to a charity might indicate this by
using a ``charity'' tag. Other tags could specify the geographic location, or
whether a pool is running on cloud infrastructure or a physical server owned
by the pool operator.
\end{description}
All characters in the metadata will be UTF8 encoded. The metadata is restricted
to have a size of no more than 512 bytes.
All characters in the metadata will be UTF8 encoded, as per the JSON
specification. The metadata is restricted to have a total size of no more than
512 bytes, including all JSON encoding overheads.

The stake pool operators are responsible for serving this data at the URL
provided in the stake pool registration certificate. However, wallets will not
provided in the stake pool registration certificate. However, wallets should not
retrieve the data for each stake pool at those individual URLs. Not only would
that be inefficient, it would also allow malicious actors to intentionally slow
down all wallets by intentionally delaying the response of their server.
Instead, metadata will be cached on \emph{metadata proxy servers}.

Those proxy servers will query the metadata URLs in the stake pool registration
certificates, and cache the metadata, with the pool's \(sks\) as key.
Invalidating the cache will be triggered when the content hash listed in the
certificate does not match the content hash of the cached metadata. The wallet
will then retrieve the metadata for pools it needs to display from one of the
proxy servers, instead of having to send a request to each of the pool's
metadata URLs.
certificates, and cache the metadata. The wallet will then retrieve the
metadata for pools it needs to display from one of the proxy servers, instead
of having to send a request to each of the pool's metadata URLs.

Those servers are simple, and in particular, they require relatively little
trust: because of the content hash, someone running a proxy server can not
display forged metadata. The worst thing they can do is filter the list of stake
pools.

In order to avoid those proxy servers to become a point of centralisation of the
system, we will encourage third parties (stake pools, people in the community)
to run metadata proxy servers, and provide code and binaries for the proxies.
Wallets should be configurable to query a number of those proxy servers.
system, it is encouraged that third parties (stake pools and other members of
the community) should also run metadata proxy servers. Wallets should be
configurable to query a number of those proxy servers.

Another function that the metadata proxy servers provide is filtering malicious
entries: it is possible to embed a variety of malicious content in the metadata,
Expand Down