You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We should sample time from multiple sources too, which NTS should support since NTP always did. It's maybe worth looking at exactly how NTP/NTS combines multiple sources too: If they use a median then that's wonderful. We'll think about it if they do something else.
We need to chose the default list of secure time services too, so cloudflare, google, etc, but also some in Europe, Asia, South America, etc.
We know actual decentralized approximate time protocols, which likely make sense eventually, but they could still be attacked if all the validators have their NTP sources biased, so NTS remains important, and NTS alone gets us much of the way there. I'd expect they merely provide sanity checks on NTS in practice.
The text was updated successfully, but these errors were encountered:
We could likely solve this entirely outside substrate, just in the choice of recommended linux distribution, but it's still worth discussing the defaults like who we ask for times, and how they're combined.
Around "decentralized" sanity checks, we know three network strategies by which validators share their times:
Use babe/sassafras - Least precise sanity check, but very robust since babe/sassafras keep running if grandpa fails. Cardano proposed this, and Handan explored something very similar, so likely this suffices.
Use grandpa votes - It's more precise I guess, but maybe overkill based upon the analysis noted above.
Use some hardbeat sent over the existing direct connections between validators - This can avoid the delays of gossip, making it similar quality to NTP/NTS, and maybe even fits into NTP/NTS somehow.
We could likely solve this entirely outside substrate, just in the choice of recommended linux distribution, but it's still worth discussing the defaults like who we ask for times, and how they're combined.
This sounds like something that should be added to the validator guide. So, they activate it correctly etc.
Use babe/sassafras - Least precise sanity check, but very robust since babe/sassafras keep running if grandpa fails. Cardano proposed this, and Handan explored something very similar, so likely this suffices.
Yeah this is something we discussed already way back before genesis of Polkadot AFAIR.
Network Time Security (NTS) should probably replace vanilla NTP. See rfc8915. We should look over the existing Implementations:
We should sample time from multiple sources too, which NTS should support since NTP always did. It's maybe worth looking at exactly how NTP/NTS combines multiple sources too: If they use a median then that's wonderful. We'll think about it if they do something else.
We need to chose the default list of secure time services too, so cloudflare, google, etc, but also some in Europe, Asia, South America, etc.
We know actual decentralized approximate time protocols, which likely make sense eventually, but they could still be attacked if all the validators have their NTP sources biased, so NTS remains important, and NTS alone gets us much of the way there. I'd expect they merely provide sanity checks on NTS in practice.
The text was updated successfully, but these errors were encountered: