[EXT-SEC-AUDIT] Excessive gRPC timeout

[kostko]

Issue transferred from an external security audit report.

Nodes are configured to use an excessively long timeout of 10 minutes when accepting
gRPC connections.

https://github.com/oasislabs/ekiden/blob/7a5ddc8fae312b6d8400fa9ba062604c1112c6a4/go/common/grpc/grpc.go#L71-L73

Short term, set MaxConnectionIdle to a lower value (e.g., 5 seconds).

Long term, make this value configurable to support applications that require a longer timeout. Ensure the default value is kept low, as recommended above.

[Yawning]

I don't think this helps all that much. There are enough easy to generate requests that can be used to keep connections open indefinitely, for a fairly minimum increase in the amount of work the adversary needs to do.

[kostko]

Yeah and some requests can currently be quite expensive which requires request-specific mitigations (e.g., for storage #1914 and #1984) in addition to the gRPC sentry proxy (#1829) that we have planned.