Re: is an orderer node technically a peer node?
toggle quoted messageShow quoted text
These are good questions for orderer ownership. The options you have are as follows:
1. One member of the network runs the orderer, that member must be trusted by everyone else.
2. A third party trusted by all members of the network but not itself a transacting member of the network can run the orderer for everyone.
3. All parties involved in the network each run an orderer and they all communicate and coordinate via Kafka.
I would rank these in order from least to most secure.
Whoever runs the orderer does have significant control over the integrity of the DL. Although it cannot generate arbitrary transactions and submit them to committing peers (as long as the channel chaincode requires endorsements from other members, otherwise, it can; however, this is moot because in that case everyone could submit any transaction anyways), it can decide to re-order the way transactions appear to peers, or select who will or won't receive certain transactions.
There are mitigations to this issue. For one, individual members of the network can regularly compare each other's ledgers and list of blocks to check for irregularities. Although a malicious orderer can't necessarily be kept from performing maliciously, the members of the network can organize themselves in such a way that hijinks are detected quickly and the situation addressed.
Hope that helps, I am also learning so if an expert finds fault in some of my claims please let me know!
On Sun, May 13, 2018, 10:34 AM Luiz Omori via Lists.Hyperledger.Org <luiz_omori=yahoo.com@...> wrote: