Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[proposal] de-militarized-[RPC]-zone #15319

Closed
HashUnlimited opened this issue Feb 1, 2019 · 7 comments
Closed

[proposal] de-militarized-[RPC]-zone #15319

HashUnlimited opened this issue Feb 1, 2019 · 7 comments
Labels
Brainstorming RPC/REST/ZMQ

Comments

@HashUnlimited
Copy link
Contributor

Short abstract: Certain (and newly introduced) functions are only accessible via the RPC interface. While being very useful, due to the complexity, some of them (e.g. multisig, partially signed tx) might never make it onto a user level.

Proposal: Introduction of an advanced user level. At advanced level, a limited RPC interface is enabled which serves all regular functions except those where private keys are involved.

This would allow 3rd parties to create guiding software, which takes over the complex steps of those functions, while remaining trustless.

My 2 cents so far, probably enough to trigger a discussion.
@jonasschnelli
Copy link
Contributor

There once was the RPC safe mode (which was different though) #13090.

The current safest mode is probably to run without private keys (createwallet <name> true) or to run with disabled wallet or wallet not compiled in.

Another approach I once looked into would be creating another RPC server binary that would act as a bridge between an http server (that could use TLS and auth) and the bitcoind RPC server.
That bridge software could be configured for multiuser with quotas about how much wallets they can create, etc.
A safe mode would also be possible.

@promag
Copy link
Member

promag commented Feb 4, 2019

Not sure if I understand, you want distinct RPC interfaces or you want different user privileges?

@HashUnlimited
Copy link
Contributor Author

I think there are multiple ways to achieve what is desired. An extended REST API with read-only wallet access could do the job as well.

Example: I am renting out servers. One machine is too much for Alice but together with Bob the offer would fit. Now I am looking for a way to handle the payment in a mainly automated way by checking their wallets for the possible inputs and suggesting the PSBT for each of them. That way they could check and copy-paste sign the inputs. I can handle the rest of the process but would need read-only access to their wallets.

@promag
Copy link
Member

promag commented Feb 11, 2019

I don't think we should promote access to other's server HTTP interface. P2P should be the only public interface.

Even the REST interface should not be exposed, otherwise it's easy to mess your node.

@HashUnlimited
Copy link
Contributor Author

The REST could be expanded to a wallet branch... Are there other ideas how to port useful features into commonly useable and safe interfaces?

@benthecarman
Copy link
Contributor

I made a project that is similar to this idea, you can check it out here: https://github.com/benthecarman/Lightning-Rod

@maflcko
Copy link
Member

maflcko commented Apr 26, 2020

Duplicate of #12248 ?

@maflcko maflcko closed this as completed Apr 26, 2020
@bitcoin bitcoin locked as resolved and limited conversation to collaborators Feb 15, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Brainstorming RPC/REST/ZMQ
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@jonasschnelli @promag @maflcko @benthecarman @HashUnlimited