As you might already know, bootkey is simply a private key, that's used to identify node.
In nem every node is required to have a bootkey.
Bootkey is related to both eigentrust and network time. First part is somewhat known, the other probably not.
Every node starts with some trust value. Depending on the data it provides
(think evil nodes vs good nodes) it's trust value is altered.
This trust value is tied to the bootkey.
So in long run, nodes that were running for a while in the network (and providing good data),
will have high trust value, while it will take some time for "fresh" nodes, to get some sensible trust score.
Let's say we have an attacker. He'll probably try to gain some trust first.
When he starts attacking the network, his trust value will start fall down pretty quickly
up to the point where his value, will be lower than initial value.
At that point he'll probably decide to restart his node with different bootkey.
In long running network this initial value will be considerably smaller, than that of honest nodes.
We've mentioned few times, that bootkey might be any key, not necesarilly priv key of an account.
However, nodes that use priv key that belongs to an account with high poi, have bigger influence on network time.
Having many nodes participating with their poi in the network time calculation reduces variance.
Wouldn't it be dangerous, security wise, to have a private key with high PoI used for the bootkey, if the NIS is to be booted remotely, i.e., without needing the NCC to open up its wallet and boot the NIS?
It is somewhat risky but, key with high poi should be applied
[li]via locally run boot script[/li]
[li]or via [tt]nis.bootKey[/tt] in config.properties, if you own the machine, and set proper rights on config.properties, you should be fine[/li]
Ofc using boot key remotely is not safe, there's quite clear warning being made if you attempt to do that.
It is somewhat risky but, key with high poi should be applied
[li]via locally run boot script[/li]
[li]or via [tt]nis.bootKey[/tt] in config.properties, if you own the machine, and set proper rights on config.properties, you should be fine[/li]
Ofc using boot key remotely is not safe, there's quite clear warning being made if you attempt to do that.
I wouldn't recommend 2) above to anyone, even if he is an >intermediate user. ;)
We need to make the remote account private key available then you can use that key in the config.properties file.
BR, your talking about a harvesting key of sorts but for booting nis? That sounds good, otherwise no one is going to boot with very high poi score
You can use the remote harvesting key for booting too. Then the time synchronization would see the node as having some non zero poi.
If I used the harvesting key, would it not have the importance of the account it's associated with? Doesn't make much sense to me that it has the importance for harvesting but different for booting
If I used the harvesting key, would it not have the importance of the account it's associated with? Doesn't make much sense to me that it has the importance for harvesting but different for booting
yes it would, that's exactly what BR is saying.
You can use the remote harvesting key for booting too. Then the time synchronization would see the node as having some non zero poi.
Yes! I hope that will be possible soon :)