HLF v1.0.2 - 安装由多个所有者签名的链码
HLF v1.0.2 - installing chaincode signed by multiple owners
目前,默认情况下可以安装仅具有发出安装交易的节点身份签名的链码。
问:如何设置结构网络以强制安装由定义的所有者签名的链代码?
我的理解是,当前的实现允许管理员使用相同的名称和版本在每个节点上安装不同的链代码。因此,只要这些不同的链代码在背书阶段产生相同的 read/write 集,交易将在稍后得到积极验证。
它可能导致例如如果 single 背书对等方将受到损害,则可以进行 DoS 攻击。
这是一个很好的问题,实际上是针对 1.1 的活动 improvement 的重点 - 改进链代码的生命周期管理。
引用 JIRA:
The chaincode lifecycle is implemented as an endorser transaction,
because it modifies the state database. However, all of the real
validation of the instantiation is actually done in an ad-hoc
psuedo-simulation style in the VSCC. Therefore, it makes sense to
remove the endorsement step, and simply perform all validation during
the commit phase.
The channel config already supports this style of zero-endorsement,
validation-only transactions with multiple signatures, so it is a
natural fit for managing chaincode lifecycle. However, unlike channel
config operations which are processed by the orderer, chaincode
lifecycle falls entirely within the scope of of the peer and should
not require (nor is it desirable to require) the orderer's involvement
for these operations.
目前,默认情况下可以安装仅具有发出安装交易的节点身份签名的链码。
问:如何设置结构网络以强制安装由定义的所有者签名的链代码?
我的理解是,当前的实现允许管理员使用相同的名称和版本在每个节点上安装不同的链代码。因此,只要这些不同的链代码在背书阶段产生相同的 read/write 集,交易将在稍后得到积极验证。 它可能导致例如如果 single 背书对等方将受到损害,则可以进行 DoS 攻击。
这是一个很好的问题,实际上是针对 1.1 的活动 improvement 的重点 - 改进链代码的生命周期管理。
引用 JIRA:
The chaincode lifecycle is implemented as an endorser transaction, because it modifies the state database. However, all of the real validation of the instantiation is actually done in an ad-hoc psuedo-simulation style in the VSCC. Therefore, it makes sense to remove the endorsement step, and simply perform all validation during the commit phase.
The channel config already supports this style of zero-endorsement, validation-only transactions with multiple signatures, so it is a natural fit for managing chaincode lifecycle. However, unlike channel config operations which are processed by the orderer, chaincode lifecycle falls entirely within the scope of of the peer and should not require (nor is it desirable to require) the orderer's involvement for these operations.