Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Oracles] Supported Protocols #1260

Open
shargon opened this issue Nov 20, 2019 · 12 comments
Open

[Oracles] Supported Protocols #1260

shargon opened this issue Nov 20, 2019 · 12 comments
Milestone

Comments

@shargon
Copy link
Member

@shargon shargon commented Nov 20, 2019

We can discuss about Oracle HTTP Protocols here:

With protocols we should implement in HTTP?

(Main topic discussion Syscall and ApplicationEngine #1275)
(Initial discussion #1243 (comment))


Summarized by Erik:

Supported schema: http, https, neofs
Supported http methods: GET, POST*

*Whether or not to support POST is still controversial.

@shargon shargon added the question label Nov 20, 2019
@shargon

This comment has been minimized.

Copy link
Member Author

@shargon shargon commented Nov 20, 2019

My opinion.

We should allow GET and POST. Because are the most common used, and also, sometimes the API (like our RPC), required to send a little information by POST.

@erikzhang

This comment has been minimized.

Copy link
Member

@erikzhang erikzhang commented Nov 20, 2019

We should support http and neofs. Another protocol we need to consider is https.

For http and https, I think we only need to support GET.

For neofs, we need a URI standard. Please discuss here: #1256

@shargon shargon added discussion and removed question labels Nov 20, 2019
@realloc

This comment has been minimized.

Copy link

@realloc realloc commented Nov 21, 2019

According to W3Tech report more then 56% of websites use https by default, so https support is a must, not an option, even for just getting information from regular web sites.

Because Smart Contracts most probably would interact with dApp backends, there also must be support for at least both POST and GET verbs, because it's part of JSON RPC standard and both POST and GET are used in most REST APIs.

@erikzhang erikzhang changed the title Oracle: HTTP Protocols Oracle: Supported Protocols Nov 21, 2019
@shargon

This comment has been minimized.

Copy link
Member Author

@shargon shargon commented Nov 21, 2019

Agree with @realloc

@igormcoelho

This comment has been minimized.

Copy link
Contributor

@igormcoelho igormcoelho commented Nov 21, 2019

Agree, https should be default, and we will need GET/POST for REST,and standard auth. neofs and http will also be fundamental. @shargon any way we can.enforce name resolution via dnssec? It could be important too, although oracle voting.may also "fix" this (or not).

@shargon

This comment has been minimized.

Copy link
Member Author

@shargon shargon commented Nov 21, 2019

any way we can.enforce name resolution via dnssec?

I am not sure if dotnet core allow this, but we can try it

@shargon

This comment has been minimized.

Copy link
Member Author

@shargon shargon commented Nov 21, 2019

In fact, I think that we should only allow HTTPS schema, and not HTTP

Tech benefits:

  • More secure

Economic benefits:

  • If the certificate pinning is defined in the ABI. If they need to update it, the project will use the GAS for the manifest upgrade.
@erikzhang

This comment has been minimized.

Copy link
Member

@erikzhang erikzhang commented Nov 21, 2019

Agree with @shargon . We should allow https only.

@igormcoelho

This comment has been minimized.

Copy link
Contributor

@igormcoelho igormcoelho commented Nov 23, 2019

Good, I also think that https is much better. Yet, if its self signed certificate, or "untrusted" entity, one should pass the allowed identification for the oracle to know what to expect... would this be passed on tx header as well? It could be good I think.

@erikzhang

This comment has been minimized.

Copy link
Member

@erikzhang erikzhang commented Nov 23, 2019

Maybe we need to have a built-in trusted certification authority list? Otherwise, non-determinism may occur.

@lock9

This comment has been minimized.

Copy link
Contributor

@lock9 lock9 commented Nov 23, 2019

If we need everyone to share the same rules, I suspect this should be done inside a smart contract, like the network policy smart contract.
Isn't this a basic requirement for id systems?

@belane belane changed the title Oracle: Supported Protocols [Oracles] Supported Protocols Nov 26, 2019
@belane belane added the oracles label Nov 26, 2019
@belane belane added this to the NEO 3.0 milestone Nov 26, 2019
@belane

This comment has been minimized.

Copy link
Member

@belane belane commented Jan 3, 2020

It has been decided to start with the implementation of HTTP-GET.
Once finished, continue with HTTP-POST, HTTP 2.0, ...

I would also like to define the different limits and how are we going to store these values (oracle policy?)

  • Connection timeout.
  • Download timeout.
  • Request max size.
  • Response max size.
  • Response max size after filtering.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
6 participants
You can’t perform that action at this time.