fedimint icon indicating copy to clipboard operation
fedimint copied to clipboard
verified publisher icon fedimint

Federation setup

Open elsirion opened this issue 3 years ago • 6 comments

The ideal federation setup workflow would look as follows:

  1. Configure federation server with two bind addresses p2p and web and one datadir path datadir
  2. Start federation server
  3. If datadir isn't populated: 3.1 Start web server binding to web 3.2 Let user set an admin password 3.3 Let user enter IP addresses and TLS certificates of other guardians 3.4 Run distributed key generation protocols to generate config 3.5 Write config to datadir
  4. If datadir is populated (is the case after 3.) 4.1 Load config, open database/create it if not present 4.2 Start federation consensus

elsirion avatar Jul 20 '22 16:07 elsirion

Would (1) just be arguments passed to fedimintd or whatever we call it? I imagine we could have defaults for the bind addresses at least, and perhaps the datadir too.

Do you imagine web will be the same server as with the server_endpoints()? Because those will need a bind address in any case ...

justinmoon avatar Jul 21 '22 09:07 justinmoon

Would (1) just be arguments passed to fedimintd or whatever we call it? I imagine we could have defaults for the bind addresses at least, and perhaps the datadir too.

Either that or yet another config file. But I'm slightly in favor of just making them command line arguments.

Do you imagine web will be the same server as with the server_endpoints()? Because those will need a bind address in any case ...

That might be tricky now that we migrated to web sockets. Could we also reply to normal HTTP requests on the same port with our current setup @Maan2003? There's also an argument to be made that guardians would not want to expose the admin interface to the public (even though protected by auth) but they have to expose the client API.

elsirion avatar Jul 21 '22 09:07 elsirion

Could we also reply to normal HTTP requests on the same port with our current setup @Maan2003?

It is not possible with current setup. But migration should be easy because server stuff is in a single file.

maan2003 avatar Jul 21 '22 16:07 maan2003 

   3.4 Run distributed key generation protocols to generate config

Is there an existing protocol for this?

jkitman avatar Jul 21 '22 16:07 jkitman

For HBBFT we got an implementation in the crate that I just need to understand again, for TBS I'd go with GJKR (I think there's a more recent version from 2006 that I cited in a paper but can't find it right now). For Bitcoin we just exchange pub keys :laughing:

elsirion avatar Jul 21 '22 17:07 elsirion

Tasks to complete:

  • [ ] Implement DKG
  • [ ] Configs for DKG
    • Change configs to only require addresses, TLS certs, optional ports, denominations
    • Persist configs on first run
  • [ ] Handling errors (identify faulty peer)

jkitman avatar Sep 23 '22 19:09 jkitman

Think we can close this in favor of more up-to-date issues.

jkitman avatar Nov 22 '22 12:11 jkitman