I’d like to start a discussion about a new feature that is currently being worked on at DFINITY.
While responses to update calls bear a subnet signature, query calls are handled by single replicas and their responses are not trustworthy. Certified data/variables can be embedded in responses to query calls but this approach requires extra work for developers and is not always feasible.
The ultimate goal is to have “certified queries”, which, as the name suggests, make it possible to verify the correctness of query responses.
As a first step in this direction, we’d like to introduce replica signatures in query responses: every response to a query call will contain a signature, signing specific parts of the response using the replica’s own private key. The recipient can validate the query response by first fetching the public keys of the replicas from the state tree of the corresponding subnet, reading out the public key of the signing replica, and then verifying the signature. Since subnet membership does not change frequently, the public keys of replicas in a subnet can (and should) be cached.
In short, there will be two changes in this first step: The subnet state tree will expose the public keys of the replicas and query responses will contain a signature. The interface spec changes are still being drafted. We will post an update here once these changes are reflected in the interface spec.
Obviously, having a single replica signature in the response does not solve the problem that query responses cannot be trusted. However, the addition of a signature does improve security because the recipient can verify that the response came from a replica on the correct subnet. Specifically, it wouldn’t be possible for a malicious boundary node to return false data.
The feature roll-out is tentatively planned for the end of Q3 2023. Once this feature is rolled out, developers of agents are advised to update their agents to verify the signatures. The DFINITY SDK team will update all of their agents accordingly.
If you have any feedback or questions, please post them here!