<DRAFT> CIP-XXXX: Building a Name Resolution Service for Permissioned Blockchain Infrastructure - A Hybrid Tiered Approach

[zhihezhang2]

Draft CIP on thoughts on building a hybrid and tiered name resolution service

[meiersi-da]

Thanks for the input. Here are my comments from a first review.

[meiersi-da]

May be answered later: why does it have to be super validators that serve this information?

[meiersi-da]

I'd have expected an institutions own address book to have the highest trust level.

[zhihezhang2]

Yes. I don't want the CIP to read as mandating super validators.
The essential requirement for "Tier 1" is a highly trusted, highly available, accountable operator that prevents conflicts at registration, not super validators specifically.

Off the top of my head, here's some examples -

1. Bank/institution name --> settlement address.
   If "J.P. Morgan" resolves to the wrong Party, a payment goes to an impostor.
   There must be exactly one agreed answer before funds move.

2. Stablecoin / asset name --> issuer Party.
   "USDC" must point to the real issuer.
   A fake answer lets someone pass off counterfeit assets as genuine.

3. The canonical .canton namespace root.
   Whoever controls "who owns acme.canton" controls a network-wide single source of truth. That registration authority itself must be maximally trusted.

4. Super-validator / core operator identities themselves.
   The list of "which Party is actually an SV / Global Synchronizer operator". Spoofing this undermines trust in the network's own infrastructure.

I think of these types of mapping to be "axiom" of Canton ecosystem.
But conversely - whether if these need to be hosted by SV is truely debatable.
The amount mapping under this category is tiny.

[meiersi-da]

the label does not have to be meaningful

[meiersi-da]

it's just an arbitrary label

[meiersi-da]

participant nodes are not permissioned. the permissioning happens at the application level. see: https://www.canton.network/faq

Is Canton Network a public network?
Canton Network is a public network. Anyone can request a validator node (currently sponsorship is needed) and then participate in consensus related to transactions they are a party to. Anyone can take part in governance via the Foundation. Permissioning for any given application is defined on an application by application basis - as permissioned, or permissionless as the app provider wants.

Similarly, the internet operates as a public network, but not all websites are open or permissionless. For example, your bank’s customer portal is part of the internet but is permissioned. In the same way, Canton enables each application to define its own level of openness and privacy. This flexibility allows applications to range from fully permissionless to entirely private, all operating on an open network that allows applications to interoperate with each other.

[meiersi-da]

Super Validators have a well-established role on the Canton Network: operate the Global Synchronzier and Canton Coin. It's not clear why they should also take a role in operating CNS.

[zhihezhang2]

Agreed. If we assume some mappings must be maintained by a highly trusted entity, SVs are not necessarily the only ones capable of it.

We could potentially see a world where some "highly trusted and neutral" name resolvers step in to fill that role instead. The intent is to specify the trust requirement, not to mandate SVs specifically.

[zhihezhang2]

That said, in today's world SVs are probably the closest thing we have to "highly trusted and neutral", which are already vetted, accountable, and as available as the global synchronizers themselves.

[waynecollier-da]

@zhihezhang2 I think it might make sense for the SVs to approve name registrars, and determine which name spaces those name registrars can use.

[zhihezhang2]

approve name registrars, and determine which name spaces those name registrars can use

I'd put this in the governance bucket (as opposed to operating the name service data or mappings themselves).

SVs don't need to manage the mapping data or run the resolvers, these can be delegated.
What belongs with SVs is the governance and a small set of key metadata of the name service: accrediting registrars, delegating which namespaces each may use, and holding the namespace root.

^ I'll get this updated and reflected in the proposal.

[zhihezhang2]

Note - CNS needs to design for name resolution service to be also permissioned. Some translation may prefer not to be directly publicly revealed.

[zhihezhang2]

Note - Include some examples in this section to elaborate real life use cases.
There are both internal facing and external facing sources. Utilimately giving instiutions the flexbility, ultimately help to reduce fraction to onboard onto Canton ecosystem.

[zhihezhang2]

Willingness of super vlidators in hosting name service need to be discussed/challenged.
There may be a very small set of data that would be hosted by super validators.

This can be solved by having more tiers of metadata defined, beyond just 2 tiers
e.g.
Tier 1 - super validators
Tier 2 - ?
Tier 3 - individual banks or self hosted name service