Node age

[dirvine]

This change is

[maqi]

Review status: 0 of 1 files reviewed at latest revision, 5 unresolved discussions.

---

text/0045-node-age/0045-node-age.md, line 25 at r1 (raw file):

## Motivation

The network must secure against targeting groups. Earlier RFC's have solutions for group security,

shall correspondent RFC to be linked?

---

text/0045-node-age/0045-node-age.md, line 42 at r1 (raw file):

This RFC requires that nodes that are not "well behaved" will be excluded from the network.
Additionally it is assumed that data chains are
[implemented](https://github.com/maidsafe/rfcs/blob/master/text/0029-data-chains.md/0029-data-chains.md) and

shall data chains be linked instead of implemented ?

---

text/0045-node-age/0045-node-age.md, line 50 at r1 (raw file):

    considered invalid nodes).
  - Groups will ***not** accept connections from the same IP address.
  - Groups will only allow 1, node with 0 age.

only allow node with 0 age`

---

text/0045-node-age/0045-node-age.md, line 67 at r1 (raw file):

Without any node relocation an attacker with a single join will enter a group and therefore requires
(Q - 1) nodes To take over the group completely. An attacker will therefore require the attacker try

An attack will ... ?

---

text/0045-node-age/0045-node-age.md, line 176 at r1 (raw file):

connecting to each group member the node must supply the `JoiningProof` as described above. AS there
is no history for this node it will be allocated an age == zero. This means the node itself on
successful join will be immediately relocated.

So an attacker have a node behaving well for some time and gained Age 5 in group T
Then, he can just start up nodes quickly and test whether has been relocated to the target group T.
The relocating will happen immediately so such test won't take much time.
This will give the attacker at least two Age 1 nodes (Age 1 allows two churn events).
Plus the previous Age 5 node, the attacker now controls three nodes, which gives him a high chance to corrupt the group.

---

Comments from Reviewable

[dirvine]

Review status: 0 of 1 files reviewed at latest revision, 5 unresolved discussions.

---

text/0045-node-age/0045-node-age.md, line 25 at r1 (raw file):

Previously, maqi wrote…

shall correspondent RFC to be linked?

Good point I will do that.

---

text/0045-node-age/0045-node-age.md, line 42 at r1 (raw file):

Previously, maqi wrote…

shall data chains be linked instead of implemented ?

They will be linked as they are a separate crate. There will be a degree of impl in routing and vaults still mind you.

---

text/0045-node-age/0045-node-age.md, line 67 at r1 (raw file):

Previously, maqi wrote…

An attack will ... ?

FYI - done

---

text/0045-node-age/0045-node-age.md, line 176 at r1 (raw file):

Previously, maqi wrote…

So an attacker have a node behaving well for some time and gained Age 5 in group T
Then, he can just start up nodes quickly and test whether has been relocated to the target group T.
The relocating will happen immediately so such test won't take much time.
This will give the attacker at least two Age 1 nodes (Age 1 allows two churn events).
Plus the previous Age 5 node, the attacker now controls three nodes, which gives him a high chance to corrupt the group.

Agreed, but those nodes will not be there long, 1 will create a churn so they may exist for 1 churn event, but importantly with almost no rank in a vote. This is where we need to consider carefully the quorum algorithm to decide on when the vote weight starts (i.e. above median etc.)

---

Comments from Reviewable

[dirvine]

Review status: 0 of 1 files reviewed at latest revision, 5 unresolved discussions.

---

text/0045-node-age/0045-node-age.md, line 25 at r1 (raw file):

Previously, dirvine (David Irvine) wrote…

Good point I will do that.

Done.

---

Comments from Reviewable

[dirvine]

Review status: 0 of 1 files reviewed at latest revision, 5 unresolved discussions.

---

text/0045-node-age/0045-node-age.md, line 50 at r1 (raw file):

Previously, maqi wrote…

only allow node with 0 age`

Done.

---

Comments from Reviewable

[dirvine]

Review status: 0 of 1 files reviewed at latest revision, 5 unresolved discussions.

---

text/0045-node-age/0045-node-age.md, line 67 at r1 (raw file):

Previously, dirvine (David Irvine) wrote…

FYI - done

Done.

---

Comments from Reviewable

[dirvine]

Review status: 0 of 1 files reviewed at latest revision, 5 unresolved discussions.

---

text/0045-node-age/0045-node-age.md, line 176 at r1 (raw file):

Previously, dirvine (David Irvine) wrote…

Agreed, but those nodes will not be there long, 1 will create a churn so they may exist for 1 churn event, but importantly with almost no rank in a vote. This is where we need to consider carefully the quorum algorithm to decide on when the vote weight starts (i.e. above median etc.)

We also must consider there will only ever be 1 noe per group max waiting to connect. All others will be rejected in that time.

---

Comments from Reviewable