Hi Folks,
Based on the replies and questions on this thread, we (DFINITY) thought we would share some clarity regarding the edge infrastructure of the IC (boundary nodes). We thought we’d share the vision/design and compare with the state of the world to see the gaps.
The Vision
The vision and design intent for boundary nodes is:
- Boundary nodes aid in canister discoverability and scale query call performance.
- Boundary nodes can perform content filtering - Based on discussions with the community, the design intent is that the IC should also use boundary nodes for content filtering, an idea that came from the community, not DFINITY. Without going into the whole design rationale (you can click on the link and read more), some folks on this thread mentioned that this design decision was not formalized via an NNS Motion proposal. We think that is a reasonable ask and will submit an NNS motion proposal for this.
- Boundary nodes are run by many entities - Very importantly, the vision is that many entities run many boundary nodes and that boundary node deployment be managed by the NNS, similarly to replica nodes today.
The State of the World
As of writing this post, there is a gap between vision and implementation.
- Boundary nodes do help with canister discoverability
- Boundary nodes can and do filter content so they can stay online in their jurisdictions
- Boundary nodes are NOT yet run by many different entities.
At high level, the main reason that boundary nodes are not yet run by many entities is organizational focus. I will explain in simple terms:
- Boundary Nodes need TLS certificates to establish a secure connection with users’ browsers.
- To do this in a decentralized (many entities) and secure way, IC needs to have tailored Multiparty computation (MPC) for efficient TLS session establishment, which does not exist today and is a very complex piece of cryptography that will take time to develop.
- The researchers and engineers at DFINITY who are scheduled to work on this are currently focused on finishing Threshold ECDSA and Bitcoin integration which needs to be finished first.
Our belief is that once these big projects are shipped, we can focus on MPC for TLS.
I realize I stayed high level, but that should give folks in the community the understanding through the mountain of details and facts