-
Notifications
You must be signed in to change notification settings - Fork 106
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Properly allocate runtime IDs #1693
Comments
Is there a reason why the runtime ID is currently considered to be a public key? This doesn't seem right with the current design. Should we switch to something else just to make it clear? For example in roothash (and soon in storage, e.g., #1857) we use the namespace type (which has the exact same representation just without public key semantics). |
No concrete reason. Was thinking we might want to allow runtime authors to sign things with the runtime signing key (as opposed to say, the SGX signing key) at some point, but I'm not sure that's needed. It likely depends on how updates are handled. |
I think we should segment runtime identifiers as follows:
Does this give us enough room for future extensions or do we need to reserve more than the first byte? |
Does the rest of the runtime ID need to have high entropy? Otherwise I'd say we can reserve more bits (first 32-64 bits), because we do have 256 bits to work with. |
No, runtime IDs don't need high entropy IMO, so yeah I agree that reserving more makes sense here. |
Fixed by #2530 |
This is more of a policy decision than an actual coding one. For the sake of sanity, we should start properly allocating runtime IDs. Currently absolutely everything uses
0000000000000000000000000000000000000000000000000000000000000000
which is sub-optimal to the extreme.I'm tempted to explicitly reject the default runtime ID value since that's what the uninitialized value will be on the Go side, but that might be overly disruptive, and it will be pointless if people just start using runtime ID
1
instead.Things that need runtime IDs:
Note: It's not inconceivable that the same runtime will have multiple runtime IDs, since it doubles as a deployment identifier. Test runtimes that should never see production deployment should probably live in a dedicated part of the runtime ID space as well.
The text was updated successfully, but these errors were encountered: