
ASMap

Speakers: Fabian Jahr

Date: April 25, 2023

Transcript By:

Tags: Bitcoin core, Security enhancements

Category: Core dev tech

Should we ship it every Core release?

  • The initial idea is shipping a map file with every Core release. Fabian wrote an article about how it would be integrated into the deployment (https://gist.github.com/fjahr/f879769228f4f1c49b49d348f80d7635).
  • Some devs pointed out that an option would be to keep it separate from the release process: any regular contributor could update it whenever they like (who would do it? how frequently?). Then, when the release comes around, one of the recent ones would be chosen. People running their own node can also choose the latest version from this repo and use it if they want a newer version.

How to validate it?

  • Validation has been pointed out as the most difficult step of the process.
  • To give a definitive answer that an asmap file is not malicious we would need some manual work, potentially a lot and more than we can handle for a single release. We have tools to compare different files, but it’s hard to check what the diffs mean.
  • Certain checks can still be done in a timely manner and even automated; we will try to do that as much as possible.
  • PeeringDB has a track record of ASes; could it help with this process? Someone used it for manual verification.
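
One automated check of the kind mentioned above, as an added example that is not Bitcoin Core's or the speaker's tooling: it diffs two maps by longest-prefix match and totals the affected addresses per kind of change, so a reviewer can see what a diff means before doing manual work. The `prefix ASN` text input, the IPv4-only scope, the function names and the sample data are assumptions made for illustration.

```python
import ipaddress

# Constructed sample maps (not real routing data); "prefix ASN" per line is assumed.
OLD_MAP = """10.0.0.0/8 AS64500
10.1.0.0/16 AS64501
192.0.2.0/24 AS64502"""
NEW_MAP = """10.0.0.0/8 AS64500
10.1.0.0/16 AS64510
198.51.100.0/24 AS64503"""

def parse_map(text):
    """Parse 'prefix ASN' lines into a list of (IPv4Network, int ASN)."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments and blank lines
        if fields:
            entries.append((ipaddress.IPv4Network(fields[0]), int(fields[1].upper().replace("AS", ""))))
    return entries

def lookup(entries, addr):
    """Longest-prefix match for an integer address; None if no prefix covers it."""
    hits = [(net.prefixlen, asn) for net, asn in entries
            if int(net.network_address) <= addr <= int(net.broadcast_address)]
    return max(hits)[1] if hits else None

def diff_maps(old, new):
    """Return (first_ip, last_ip, old_asn, new_asn) for each range whose ASN differs."""
    # Prefix boundaries from both maps cut the space into ranges where each map is constant.
    nets = [net for net, _ in old + new]
    cuts = sorted({int(n.network_address) for n in nets} | {int(n.broadcast_address) + 1 for n in nets})
    changes = []
    for start, end in zip(cuts, cuts[1:]):
        a, b = lookup(old, start), lookup(new, start)
        if a != b:
            changes.append((ipaddress.IPv4Address(start), ipaddress.IPv4Address(end - 1), a, b))
    return changes

def summarize(changes):
    """Total affected addresses per kind of change, for triage before manual review."""
    totals = {"reassigned": 0, "unmapped": 0, "newly_mapped": 0}
    for first, last, a, b in changes:
        kind = "newly_mapped" if a is None else "unmapped" if b is None else "reassigned"
        totals[kind] += int(last) - int(first) + 1
    return totals

if __name__ == "__main__":
    print(summarize(diff_maps(parse_map(OLD_MAP), parse_map(NEW_MAP))))
```

A large "reassigned" total concentrated in one AS is the kind of result that would warrant the manual cross-check against a second source.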

Network topology

  • There were some discussions about topology. If most nodes adopt asmap, would that be likely to affect network topology?
  • (This discussion was based on a presentation of vir7u but most hadn’t seen the presentation so it stayed mostly hypothetical. Contributors will reach out to him to get more insights and the recording of the talk should be uploaded shortly.)

Documentation

  • Do we have documentation about how users could generate their own file? (maybe in Core?) Yes, but currently there are three different tools that make it possible, and we need to reach consensus on which tool should be used for what; then we can update the docs.

Reliability of data sources

  • To build it, we fetch data from RIPE RIS, RPKI and IRR. Some people raised questions about the reliability of these data sources. Should we trust them? How can we know if they are not acting maliciously at some point? The data sources were selected and are preferred based on the security they provide. RPKI is the most secure but only provides 70% coverage, so we need the other sources (see the in-depth discussion of data sources here: https://gist.github.com/fjahr/bf0ff0917e03a4e49fac0617b2b35747).

  • Someone asked whether one of the data sources has signatures.

    • RPKI is used to let the legitimate holder of a block of IP addresses make an authoritative statement about which AS is authorized to originate their prefix in BGP.