Topic: Is Stellar Permission-less? (Read 713 times)

newbie
Activity: 58
Merit: 0
February 16, 2017, 05:03:47 PM
#4
Quote
You can operate your stellar-core in two modes, validating or observing. If you are in validating mode you are both listening and participating in consensus.
But semantics aside, in Stellar anyone can participate in consensus. As in anyone can both listen and talk. It is true that maybe no one else will want to listen to you but there is certainly no barrier in the protocol keeping people from talking. And again if there is some cartel or some group that people feel are getting too much control it is trivial to set up your own nodes that are fully participating in consensus and have the non-cartel nodes listen to each other.

This is simply not how reality works when it comes to namespaces, and supposing it were, it would also be bad, because in both instances you are sacrificing security.

In the first instance, where a cartel is formed, the namespace is fully controlled and censored by them.

In the second hypothetical scenario you raise, where a second cartel is created over the same namespace, you have a global conflict over the namespace and effectively a group-based MITM attack. In other words, the total destruction of consensus.

So in both instances: Bad Things™.

Quote
Also I'm not sure what people have in mind for the IETF ILC thing

You may want to pay attention to how your software is actually going to be used.
jed
full member
Activity: 182
Merit: 107
Jed McCaleb
February 16, 2017, 03:54:37 PM
#3
You can operate your stellar-core in two modes, validating or observing. If you are in validating mode you are both listening and participating in consensus.
But semantics aside, in Stellar anyone can participate in consensus. As in anyone can both listen and talk. It is true that maybe no one else will want to listen to you but there is certainly no barrier in the protocol keeping people from talking. And again if there is some cartel or some group that people feel are getting too much control it is trivial to set up your own nodes that are fully participating in consensus and have the non-cartel nodes listen to each other.

Also I'm not sure what people have in mind for the IETF ILC thing (I haven't had a chance to catch up on what is being discussed/proposed) but you can also easily have multiple independent stellar networks.
newbie
Activity: 58
Merit: 0
February 16, 2017, 03:25:00 PM
#2
Quote
There was a thread on Twitter (https://twitter.com/taoeffect/status/832041974735654912) debating this question and I wanted to move it here since discussions on Twitter usually aren't that productive.

In my view Stellar is definitely permission-less. Anyone can run a validator. You don't need permission from anyone to join or use the network.

Jed, it seems like there may be a misunderstanding over what the word "permissionless" means.

Yes, anyone can run a validator, but that does not make Stellar permissionless. The question is: permission for what?

Validation refers to validation of a log of events. In other words, validation is listening.

Consensus, on the other hand, is both listening and talking.

Stellar does not allow anyone to talk (participate in consensus of the creation of the log). It only allows anyone to listen (validate what the talkers are saying).

If the talkers/consensus-group/cartel is creating a namespace, as is the proposal in the IETF ILC list, then any proposal to restrict consensus to any one system is by definition a hostile takeover of the ICANN/DNS namespace by a cartel.

To quote from this message on the IETF ILC:

Quote
What this group is doing, which is not very clear from its self-description, is the creation of a consensus-based namespace.

The Internet does not currently have consensus-based namespaces.

DNS, for example, does not operate on any real form of consensus.

For this reason, it is also not secure. Anyone who can MITM a network connection can override apple.com to be anything they want, along with any other name in the insecure, federated ICANN namespace.

A *consensus-based namespace*, on the other hand—as this group and [trans] are proposing—consolidates ownership and definition of the entire namespace to a group that attempts to maintain consensus.

The means by which consensus is achieved *matters a great deal*, but some general statements are possible too.

In the example of Stellar, consensus is restricted to a small cartel, and the protocol's inability to resolve consensus forks means that this cartel will most likely only get smaller over time, since participation requires the _permission_ of the existing cartel. FYI, Stellar's marketing in this department is also highly misleading [1].

What you're left with is a log, and it can be "append-only", but that really doesn't matter much if the proposal is for the /entire Internet/ to use *just* that one log. That is tantamount to a global, Internet takeover by a cartel.

It's important to emphasize: _such a group would have *total power* to decide who is and who is not allowed to have a website._

A consensus-based namespace offers security—but only if it's not a de facto namespace, but one of an arbitrary number of consensus-based namespaces.

Getting back to your comment above:

Quote
Keep in mind that this can also easily happen in Bitcoin: if a cartel of miners with over 51% of the hashing decide to stop accepting blocks from people outside of the cartel, they can do this. The difference is in Bitcoin it would be hard to ignore the cartel and there is economic incentive for the cartel to take all the blocks.

You'll notice I am also against using Bitcoin to define a de facto namespace: https://twitter.com/taoeffect/status/832081089787097088

No single consensus system can be a de facto Internet namespace. Let a thousand consensus-based namespaces bloom.
jed
full member
Activity: 182
Merit: 107
Jed McCaleb
February 16, 2017, 02:08:10 PM
#1
There was a thread on Twitter (https://twitter.com/taoeffect/status/832041974735654912) debating this question and I wanted to move it here since discussions on Twitter usually aren't that productive.

In my view Stellar is definitely permission-less. Anyone can run a validator. You don't need permission from anyone to join or use the network.

Greg, in the case that you are concerned with that there could be some "cartel" of validators that are all listening to each other and no one else, it is trivial for people to set up their own validators outside this cartel and listen to each other.

Keep in mind that this can also easily happen in Bitcoin: if a cartel of miners with over 51% of the hashing decide to stop accepting blocks from people outside of the cartel, they can do this. The difference is in Bitcoin it would be hard to ignore the cartel and there is economic incentive for the cartel to take all the blocks.
