Re: is an orderer node technically a peer node?
toggle quoted messageShow quoted text
#3 is what I was kind of considering.
And regarding the malicious acts, I was wondering too about more subtle cases like let's say the member running the orderer is also an endorser. The orderer doesn't see the transactions contents (at least that's my understanding), but the endorser obviously does. It could be that the endorser and orderer could collude in such a way to delay certain commits from certain members so that they timeout, allowing the evil member to perhaps execute similar transaction before the original proposer re-posts his. Since this could occur sporadically, the member maintaining the orderer could, for example, claim temporary network issues. Yes, if this is done with enough frequency the negatively affected members would start suspecting something is not right, but you know, a single high value ($$$) transaction could be all it takes.
On Sunday, May 13, 2018, 11:58:59 AM EDT, Alexandre Pauwels <alexj.pauwels@...> wrote:
These are good questions for orderer ownership. The options you have are as follows:
1. One member of the network runs the orderer, that member must be trusted by everyone else.
2. A third party trusted by all members of the network but not itself a transacting member of the network can run the orderer for everyone.
3. All parties involved in the network each run an orderer and they all communicate and coordinate via Kafka.
I would rank these in order from least to most secure.
Whoever runs the orderer does have significant control over the integrity of the DL. Although it cannot generate arbitrary transactions and submit them to committing peers (as long as the channel chaincode requires endorsements from other members, otherwise, it can; however, this is moot because in that case everyone could submit any transaction anyways), it can decide to re-order the way transactions appear to peers, or select who will or won't receive certain transactions.
There are mitigations to this issue. For one, individual members of the network can regularly compare each other's ledgers and list of blocks to check for irregularities. Although a malicious orderer can't necessarily be kept from performing maliciously, the members of the network can organize themselves in such a way that hijinks are detected quickly and the situation addressed.
Hope that helps, I am also learning so if an expert finds fault in some of my claims please let me know!
On Sun, May 13, 2018, 10:34 AM Luiz Omori via Lists.Hyperledger.Org <luiz_omori=yahoo.com@...> wrote: