I am trying to group questions for a given spec together, feel free to criticize the format and suggest a more practical one.
High availability/uptime
In https://github.com/vacp2p/specs/blob/fb198dc0e46c9ada1d4ddc8a73f431dd3ab978fa/specs/waku/v2/waku-store.md#L37, both high availability and high uptime terms are used. It is unclear (to me) what is the difference between both. I'd suggest to easier clarify or use a unique terminology if they represent the same concept.
Attack by omission
https://github.com/vacp2p/specs/blob/fb198dc0e46c9ada1d4ddc8a73f431dd3ab978fa/specs/waku/v2/waku-store.md#L46, the assumption that a node implementing the WakuStore protocol is made.
As we consider this assumption when defining the protocol, how do we protect users from nodes that are doing omission attacks?
For example, in the context of Waku being used to signal user that it is time to vote on a given DAO, FooDaO. Alice wants to minimize the number of voters, to exercise more influence with her own vote for example.
Alice is running several WakuStore nodes and knows that FooDAO voting notification are being sent now.
She then setup her node to omit any FooDAO related message while otherwise behaving as per protocol.
In this case, her attack could be successful depending on her WakuStore market share.
Note: if she cannot differentiate FooDAO messages to other messages, she could just omit all messages during the notification period.
Digest
The format used for the digest is not specified. It would be good to specify what is currently used by the implementation. Have you looked into multihash?
Received time in HistoryQuery
Considering that the queried node MAY use the receivedTime (as part of the index) to sort messages, it means that a querying node should always retrieve its whole history to ensure no messages are missed. Am I correct? Aren't we worried about bandwidth consumption in this instance?
I am trying to group questions for a given spec together, feel free to criticize the format and suggest a more practical one.
High availability/uptime
In https://github.com/vacp2p/specs/blob/fb198dc0e46c9ada1d4ddc8a73f431dd3ab978fa/specs/waku/v2/waku-store.md#L37, both high availability and high uptime terms are used. It is unclear (to me) what is the difference between both. I'd suggest to easier clarify or use a unique terminology if they represent the same concept.
Attack by omission
https://github.com/vacp2p/specs/blob/fb198dc0e46c9ada1d4ddc8a73f431dd3ab978fa/specs/waku/v2/waku-store.md#L46, the assumption that a node implementing the
WakuStoreprotocol is made.As we consider this assumption when defining the protocol, how do we protect users from nodes that are doing omission attacks?
For example, in the context of Waku being used to signal user that it is time to vote on a given DAO, FooDaO. Alice wants to minimize the number of voters, to exercise more influence with her own vote for example.
Alice is running several
WakuStorenodes and knows that FooDAO voting notification are being sent now.She then setup her node to omit any FooDAO related message while otherwise behaving as per protocol.
In this case, her attack could be successful depending on her
WakuStoremarket share.Note: if she cannot differentiate FooDAO messages to other messages, she could just omit all messages during the notification period.
Digest
The format used for the digest is not specified. It would be good to specify what is currently used by the implementation. Have you looked into multihash?
Received time in
HistoryQueryConsidering that the queried node
MAYuse thereceivedTime(as part of the index) to sort messages, it means that a querying node should always retrieve its whole history to ensure no messages are missed. Am I correct? Aren't we worried about bandwidth consumption in this instance?