OFAC Compliance and IC Boundary Nodes

Hey @Lorimer

I have seen your post, was thinking about it and completely forgot to reply. Sorry! Also, I don’t have a good answer, but just some thoughts on the topic:

Blocking at the boundary nodes/HTTP gateway
The boundary nodes currently do not allow a way for dapp developers to block access from certain geographies. We do block access based on the code of conduct, but that is mostly to protect ic0.app/icp0.io.

However, I don’t think the boundary nodes or the HTTP gateways in the decentralized architecture are the right place to block access. The API endpoints are all open and anyone is able to spin up another HTTP gateway without any restrictions. At the moment, a dapp developer has no way of specifying through which HTTP gateways, their dapp should be served. Hence, a dapp developer would have to make sure that each HTTP gateway is blocking access.

Hence, I think the blocking should happen at the dapp-level and not at the boundary nodes/HTTP gateways.

Blocking at the dapp level

If a dapp needs to block users from these countries, how should it go about that?

To me, it is not clear what “blocking” means: Do they have to be completely blocked from even loading the dapp or is it enough to prevent these users from making a “transaction” (e.g., participating in an airdrop).

For the SNS framework some restrictions for the swap participation had to be implemented.

Back then, the boundary nodes were also part of the discussions, but in the end, the chosen solution is independent of the boundary nodes.

That’s all for now :slight_smile: @Lorimer do you have any thoughts on that and do you have a particular use-case in mind?

1 Like