Flesh out misbehavior reports #237
Conversation
| message MisbehaviorReport { | ||
| // Server time when the report was stored. Used only for querying reports. | ||
| // This field is not signed. | ||
| uint64 server_time_ns = 1; |
There was a problem hiding this comment.
We need this separately to the reporter time (which may have client clock skew), so that the query endpoint can query all payloads larger than a certain timestamp. Could have used a sequence ID or a timestamp, decided to use a timestamp so that it's simpler, while also avoiding confusion with cursors in the main replication protocol
| uint64 server_time_ns = 1; | ||
| bytes unsigned_misbehavior_report = 2; | ||
| // Signed by the node hosting the report | ||
| xmtp.identity.associations.RecoverableEcdsaSignature signature = 3; |
There was a problem hiding this comment.
We have the node's signature here. Alternative approaches:
- No signature - it makes it a bit tricky to handle cases where a node retracts or denies a report it previously made. It also seems useful to know which node client reports came in through, as opposed to them going into one big pool.
- Add a client signature - I think in most cases clients will want to stay anonymous. Adding your public key to a set of group payloads may end up deanonymizing a group.
When we define incentives for submitting reports, some entities may want to be rewarded. When we get there, perhaps we could add a claimant_public_key field to the UnsignedMisbehaviorReport. Probably don't need an additional signature for that.
| message SubmitMisbehaviorReportResponse {} | ||
|
|
||
| message QueryMisbehaviorReportsRequest { | ||
| uint64 after_ns = 1; |
There was a problem hiding this comment.
I think this is the minimum set of parameters we should be able to query by, but in the future it may make sense to add queries by misbehaving_node_id or misbehavior type or excuding client reports
richardhuaaa
force-pushed
the
rich/misbehavior-reports
branch
from
f8d181a to
490aa3a
Compare
xmtp/xmtpd#302