Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

FR: Eliminate registry entry #3

Open
alessandro-saglimbeni opened this issue Mar 30, 2020 · 12 comments
Open

FR: Eliminate registry entry #3

alessandro-saglimbeni opened this issue Mar 30, 2020 · 12 comments

Comments

@alessandro-saglimbeni
Copy link

Problem

Issuers can only register a new asset to the asset registry but they cannot eliminate an entry of theirs.

This might be necessary if the name, ticker or precision are wrong, because currently only one asset_id can be registered with a given name or ticker or precision with a certain issuer_domain

Requirement

Allow issuers to eliminate an entry of theirs from the registry, provided that:

  • the asset proof has been removed from the .well-known directory under the previously registered domain
  • the issuer can sign a message as a challenge, with their issuer_pubkey
@greenaddress
Copy link

Seems reasonable to me.

The signed message should contain the asset id at minimum.

@shesek
Copy link
Collaborator

shesek commented Mar 31, 2020

Do we want to keep around some record indicating that this asset was registered in the past (apart from git the history)? We could use that information to issue a more descriptive 410 Gone, or perhaps even make the deleted asset json still available somehow (but without taking up ticker namespace).

@alessandro-saglimbeni
Copy link
Author

some record indicating that this asset was registered in the past

This sounds to me more like a "deprecate" functionality, which is useful, but my understanding for this requirement is straight elimination of an entry, before the asset is actually widely distributed, mostly for issuances made by mistake.

I'd track the "deprecation" separately because that'd also require Registry clients to be aware of deprecated assets, and probably see the old information along with some warning label probably.

@allenpiscitello what's your take?

@shesek
Copy link
Collaborator

shesek commented Apr 1, 2020

before the asset is actually widely distributed, mostly for issuances made by mistake.

If issuers can self-eliminate their asset from the registry, we couldn't enforce that this is what its being used for... we need to consider that this could delete widely used assets as well.

Also, if we do keep some record of the deletion, another thing that we might want to persist is the digital signature used to authorize it.

@shesek
Copy link
Collaborator

shesek commented Apr 3, 2020

Do we want to do some kind of challenge-response, have the issuer sign over some nonce or maybe a recent timestamp?

@shesek
Copy link
Collaborator

shesek commented Apr 3, 2020

Should we prevent deleted issued from being re-registered?

@shesek
Copy link
Collaborator

shesek commented Apr 4, 2020

the asset proof has been removed from the .well-known directory under the previously registered domain

Should we only consider 404 replies from the asset domain server as a verification that the proof was removed, or should we accept any failure (the server is down, the domain name does not resolve, there's no internet on our side, etc) as a verification?

On the one hand, demanding a valid 404 reply from the asset domain server would mean that its not possible to remove assets if you no longer control the domain name, say if the issuer let it expire.

On the other hand, treating any connection error as a removal verification would mean that if the asset server is temporarily down or our internet is temporarily not working, we would wrongly think that the proof was removed while in fact its still there. We will still have the signature as a verification, so I guess it wouldn't be too terrible?

@greenaddress
Copy link

I think users should make a message like

"remove $asset_id from registry"

I don't think we even need to check that the asset was removed from the server, they could add it 3 mins later if they wanted to and we can side step the issues you mentioned of timeout, domain expiry and dns resolving etc

We do not need to keep a record of deleted entries (other than git) nor we should forbid re-registering of them.

@shesek
Copy link
Collaborator

shesek commented Apr 8, 2020

I don't think we even need to check that the asset was removed from the server

I agree, it doesn't really tell us that much and the signature already provides a strong form of authentication.

We do not need to keep a record of deleted entries (other than git)

I'll keep the digital signature as part of the git commit message that removes the asset from the db.

@shesek
Copy link
Collaborator

shesek commented Apr 8, 2020

Implemented in 4c064b2, 2bcbcfe & 9b072e1, unit tests added in f27107e.

Will keep this issue open until its deployed and tested on the live server.

@shesek
Copy link
Collaborator

shesek commented Apr 10, 2020

The changes are live and I successfully deleted a test asset on the live server.

To delete an asset, the issuer needs to sign the message "remove <asset-id> from registry" and make the following HTTP DELETE request:

$  curl -X DELETE https://assets.blockstream.info/<asset-id> \
    -H 'Content-Type: application/json' \
    --data '{"signature":"<base64-encoded-signature>"}'

@shesek
Copy link
Collaborator

shesek commented May 4, 2020

Do we want to do some kind of challenge-response, have the issuer sign over some nonce or maybe a recent timestamp?

Should we prevent deleted issued from being re-registered?

@greenaddress Note that answering "no" on these two questions means that if the issuer re-registers a deleted asset, anyone who gets hold of the old deletion signature (say, from the git history) can delete it from the registry again.

Also, if an issuer deletes an asset without removing the domain link proof, there's nothing preventing a third party from re-registering the asset to the registry by submitting the original json contract again.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants