ASMap
Speakers: Fabian Jahr
Date: April 25, 2023
Tags: Bitcoin core, Security enhancements
Category: Core dev tech
Should we ship it every Core release?
- The initial idea is shipping a map file every Core release. Fabian wrote an article about how would be integrated into the deployment (https://gist.github.com/fjahr/f879769228f4f1c49b49d348f80d7635).
- Some devs pointed out an option would be to have it separated to the release process, any regular contributor could update it whenever they like (who would do it? frequency?). Then when the release comes around one of the recent ones will be chosen. People running their own node can also choose the latest version from this repo and use it if they want a newer version.
How to validate it?
- Validation has been pointed out as the most difficult step of the process.
- In order to give a definitive answer that an asmap file is definitely not malicious we would need some manual work, potentially a lot and more than we can handle for a single release, we have tools to compare different files, but it’s hard to check what the diffs mean.
- Certain checks can still be done in a timely manner and even automated, we will try to do that as much as possible
- PeeringDB has a track record of ASes, could help on this process? Someone used it for manual verification.
Network topology
- There were some discussions about topology. If most nodes adopt asmap, would it probably affect network topology?
- (This discussion was based on a presentation of vir7u but most hadn’t seen the presentation so it stayed mostly hypothetical. Contributors will reach out to him to get more insights and the recording of the talk should be uploaded shortly.)
Documentation
- Do we have documentation about how users could generate their own file? (maybe in Core?) Yes but currently there are three different tools that make it possible and we need to get to consensus which tool should be used for what and then we can update the docs.
Reliability on data sources
To build it, we fetch data from RIPE RIS, RPKI and IRR. Some people pointed out about the reliability of these data sources. Should we trust them? How can we know if they are not acting maliciously at some point? The data sources were selected and are preferred based on the security they provide. RPKI is the most secure but only provides 70% coverage so we need the other sources (see in-depth discussion of data sources here: https://gist.github.com/fjahr/bf0ff0917e03a4e49fac0617b2b35747)
Someone asked whether one the data sources has signatures.
- RPKI is used to let the legitimate holder of a block of IP addresses make an authoritative statement about which AS is authorized to originate their prefix in the BGP