Tendermint: consensus: do we need to sign heartbeat?

Created on 13 Oct 2018  路  3Comments  路  Source: tendermint/tendermint

The Heartbeat message is sent by proposers if they have create_empty_blocks=false or create_empty_blocks_interval > 0, while they are waiting (either for txs or for the interval to expire).

It's only purpose is debugging. The receiver just logs the msg, but doesn't do anything else with it.
The message is signed, but we never check the signature.

Since we're not checking signatures, we probably shouldnt sign heartbeats at all, and remove all the associated code for doing so. We also probably don't want to get spammed with heartbeat messages, so perhaps we can put them behind a debug flag configuration all together?

consensus validator
Source
picture ebuchman
👍3

Most helpful comment

I agree with @milosevic on this. If we could remove it completely this would be much cleaner and probably safer.

picture liamsi on 15 Oct 2018
👍3

All 3 comments

If it's only used for debugging maybe we should consider removing it completely. We should probably try to reduce number of messages exchanged as every message is opening DDoS attack. Ideally, all messages we exchange should be signed and could be part of proof of misbehaviour.

milosevic picture milosevic on 15 Oct 2018
👍3

I agree with @milosevic on this. If we could remove it completely this would be much cleaner and probably safer.

liamsi picture liamsi on 15 Oct 2018
👍3

Closing for https://github.com/tendermint/tendermint/issues/2871

We should remove the heartbeat completely. Nodes can log the message locally - doesn't seem like there's much additional benefit to sending it to their peers.

ebuchman picture ebuchman on 17 Nov 2018
Was this page helpful?
0 / 5 - 0 ratings

Related issues

ebuchman picture ebuchman  路  3Comments
erikgrinaker picture erikgrinaker  路  3Comments
dshulyak picture dshulyak  路  3Comments
melekes picture melekes  路  4Comments
melekes picture melekes  路  3Comments