Verify proofs before returning them
RJPercival opened this issue
Trillian's API handlers that return proofs should verify them before returning them. This would allow Trillian to detect data corruption before exposing it to clients. Ideally, it would expose a metric that allowed for alerting when data corruption of this kind is detected.
@gdbelvin and I have talked about this before. There are a few ways to do this. Some dimensions for consideration:
- When? Do this work inline or async?
- Where? In this task or have another server that is responsible for performing this
- If another server: transparent proxy, or a server that is delegated to?
- How much? All traffic, or is sampling good enough?
Nice graph! For clarity, what is the proposed return in the sync case where an invalid proof is detected?
I was thinking an INTERNAL error, since this should only happen if there's something very wrong internally.
This feels like a nice feature, but it could be done in a personality. Making it integral in Trillian may inflict unwanted performance impact. Alternatively, it can be made configurable, which increases the overall complexity of Trillian.
Realistically, we are not planning to work on this shortly.