Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

docs: add ADR for Partial Set Security #1584

Merged
merged 26 commits into from
Jan 31, 2024
Merged

Conversation

insumity
Copy link
Contributor

Description

Closes: #1571

Add ADR for Partial Set Security.


Author Checklist

All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.

I have...

  • included the correct docs: prefix in the PR title
  • targeted the correct branch (see PR Targeting)
  • provided a link to the relevant issue or specification
  • reviewed "Files changed" and left comments if necessary
  • confirmed all CI checks have passed

Reviewers Checklist

All items are required. Please add a note if the item is not applicable and please add
your handle next to the items reviewed if you only reviewed selected items.

I have...

  • Confirmed the correct docs: prefix in the PR title
  • Confirmed all author checklist items have been addressed
  • Confirmed that this PR only changes documentation
  • Reviewed content for consistency
  • Reviewed content for spelling and grammar
  • Tested instructions (if applicable)
  • Checked that the documentation website can be built and deployed successfully (run make build-docs)

@github-actions github-actions bot added C:Docs Assigned automatically by the PR labeler C:ADR Assigned automatically by the PR labeler labels Jan 22, 2024
@insumity insumity marked this pull request as ready for review January 22, 2024 16:14
@insumity insumity requested a review from a team as a code owner January 22, 2024 16:14
docs/docs/adrs/adr-015-partial-set-security.md Outdated Show resolved Hide resolved
docs/docs/adrs/adr-015-partial-set-security.md Outdated Show resolved Hide resolved
docs/docs/adrs/adr-015-partial-set-security.md Outdated Show resolved Hide resolved
docs/docs/adrs/adr-015-partial-set-security.md Outdated Show resolved Hide resolved
docs/docs/adrs/adr-015-partial-set-security.md Outdated Show resolved Hide resolved
docs/docs/adrs/adr-015-partial-set-security.md Outdated Show resolved Hide resolved
docs/docs/adrs/adr-015-partial-set-security.md Outdated Show resolved Hide resolved
p-offtermatt
p-offtermatt previously approved these changes Jan 23, 2024
Copy link
Contributor

@p-offtermatt p-offtermatt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some first comments. I got to parts that we clearly discussed and decided on differently yesterday, so I'll keep off it and let you revise before I continue.

docs/docs/adrs/adr-015-partial-set-security.md Outdated Show resolved Hide resolved
docs/docs/adrs/adr-015-partial-set-security.md Outdated Show resolved Hide resolved
docs/docs/adrs/adr-015-partial-set-security.md Outdated Show resolved Hide resolved
@sainoe sainoe self-requested a review January 25, 2024 10:08
Copy link
Contributor

@mpoke mpoke left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great work @insumity. See my comments below.

docs/docs/adrs/adr-015-partial-set-security.md Outdated Show resolved Hide resolved
docs/docs/adrs/adr-015-partial-set-security.md Outdated Show resolved Hide resolved
docs/docs/adrs/adr-015-partial-set-security.md Outdated Show resolved Hide resolved
docs/docs/adrs/adr-015-partial-set-security.md Outdated Show resolved Hide resolved
docs/docs/adrs/adr-015-partial-set-security.md Outdated Show resolved Hide resolved
docs/docs/adrs/adr-015-partial-set-security.md Outdated Show resolved Hide resolved
docs/docs/adrs/adr-015-partial-set-security.md Outdated Show resolved Hide resolved
docs/docs/adrs/adr-015-partial-set-security.md Outdated Show resolved Hide resolved
docs/docs/adrs/adr-015-partial-set-security.md Outdated Show resolved Hide resolved
docs/docs/adrs/adr-015-partial-set-security.md Outdated Show resolved Hide resolved
gaiad query provider optedInValidators $chainId
```

#### When do validators opt in?
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To implement top-n, we should just have an automatic process every block or epoch or whatever, which automatically opts in validators in the top-n, just as if they had sent the message themselves.


`top_N` can be up to 95% to capture the current case of Replicated Security where we allow the bottom 5% of validators to opt out. There is no reason for `top_N` to be higher than 95%. Smaller chains that belong in the bottom 5% validators can choose to opt in if they want to validate.

So, the fields can take the following values:
Copy link
Contributor

@jtremback jtremback Jan 26, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This might change, not a huge deal. We may want to change how much we limit the number of top n options that are available, but that can be a very surface level thing here in the prop

Note that in a Top N consumer chain, the top `N%` provider validators have to validate the consumer chain.
Nevertheless, validators in the bottom `(100 - N)%` can opt in to validate as well.
Provider validators that belong to the top `N%` validators are immediately opted in to validate a Top N consumer chain.
This means that if a validator `V` belongs to the top `N%` validators but later falls (e.g., due to undelegations) to the bottom `(100 - N)%`, `V` would still be considered opted in and has to validate unless `V` sends a `MsgOptOut` message (see below).
Copy link
Contributor

@p-offtermatt p-offtermatt Jan 30, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So you would have to opt out again every time you get in the top N, right?
i.e.
val V is in top N
falls below top N
opts out
gets back in top N
falls below again
has to opt out again

not really a problem, because this is already annoying and validators that skirt in and out of top N probably also don't really want to turn on/off their nodes all the time, so they'd probably just stay opted in until they are for sure not in the top N anymore, but maybe something to remember to communicate properly

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cc-ing @jtremback in regards to the later communication part

Copy link
Contributor

@mpoke mpoke left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great work @insumity. Just some nits.

docs/docs/adrs/adr-015-partial-set-security.md Outdated Show resolved Hide resolved
docs/docs/adrs/adr-015-partial-set-security.md Outdated Show resolved Hide resolved
docs/docs/adrs/adr-015-partial-set-security.md Outdated Show resolved Hide resolved
docs/docs/adrs/adr-015-partial-set-security.md Outdated Show resolved Hide resolved
@insumity insumity added this pull request to the merge queue Jan 31, 2024
@insumity insumity removed this pull request from the merge queue due to a manual request Jan 31, 2024
@insumity insumity added this pull request to the merge queue Jan 31, 2024
Merged via the queue into main with commit 196c327 Jan 31, 2024
13 of 14 checks passed
@insumity insumity deleted the insumity/partial-set-security-ADR branch January 31, 2024 10:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
C:ADR Assigned automatically by the PR labeler C:Docs Assigned automatically by the PR labeler
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Write an ADR for Partial Set Security
5 participants