Skip to content

RFC-22: IP Ownership Verification Service for user connection#2304

Open
juan-malbeclabs wants to merge 5 commits into
mainfrom
jo/rfc11-ip-verification
Open

RFC-22: IP Ownership Verification Service for user connection#2304
juan-malbeclabs wants to merge 5 commits into
mainfrom
jo/rfc11-ip-verification

Conversation

@juan-malbeclabs

@juan-malbeclabs juan-malbeclabs commented Nov 26, 2025

Copy link
Copy Markdown
Contributor

Adds RFC-22, which specifies an IP Ownership Verification step for DoubleZero user creation: an external IP Verification Service issues a signed IpOwnershipProof that the serviceability program validates onchain before binding a client_ip.

RFC: rfcs/rfc22-ip-verification.md

Summary

  • Targets a concrete gap: for wildcard access passes (0.0.0.0 / allow_multiple_ip, including the EdgeSeat passes issued by the shred-oracle) the program accepts any globally-routable client_ip without verifying control of it (create_core.rs:173-183; is_global only checks routability). The proof re-introduces the missing per-IP control, closing IP squatting/DoS (User PDA is keyed by (client_ip, user_type)) and traffic-misdirection risks.
  • Control lives onchain, so it is not bypassable: signature validated via the native Ed25519 precompile + Instructions sysvar introspection; an attacker cannot obtain a proof for an IP they can't originate traffic from.
  • Complements, not replaces, AccessPass: AccessPass still gates who connects; the proof governs which IP may be bound.
  • Honest scope: documents origin-vs-ownership limits (NAT/CGNAT/shared egress), source-IP consistency on multi-homed hosts, the centralized verifier trust root + rotation, and a legacy compatibility window.

Changes vs. previous revision

  • Renumbered RFC 12 → RFC-22 (file rename + CHANGELOG entry).
  • Rewrote the design around an onchain-validated proof and reconciled it with the existing AccessPass / dynamic-IP / EdgeSeat mechanisms (previously unmentioned).
  • Specified the Solana Ed25519 verification mechanism (precompile + sysvar), fixed inconsistencies (POST vs GET, removed the unverified "payer signature", client_ip: u32Ipv4Addr), and filled the empty template sections (New Terminology, Alternatives Considered, Impact).

Testing Verification

  • Documentation-only change. Verified the file follows rfcs/rfc0-template.md (all sections present, none empty), the mermaid diagram is well-formed, and no stale "RFC 11/12" references to this RFC remain in rfcs/ or CHANGELOG.md.
  • Technical claims cross-checked against create_core.rs:173-183, state/user.rs:381, processors/accesspass/set.rs, the CLI connect/check_accesspass path, and the shred-oracle EdgeSeat flow in doublezero-shreds.

@juan-malbeclabs juan-malbeclabs changed the title RFC 11- IP Ownership Verification Service for user connection RFC 12- IP Ownership Verification Service for user connection Nov 26, 2025
@juan-malbeclabs juan-malbeclabs force-pushed the jo/rfc11-ip-verification branch from 880dbba to 5eb6bcc Compare June 23, 2026 18:11
@juan-malbeclabs juan-malbeclabs changed the title RFC 12- IP Ownership Verification Service for user connection RFC-22: IP Ownership Verification Service for user connection Jun 23, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants