OTR MAC-Address Node Validation (with IP Fallback)

Purpose

To strengthen device trust and minimize spoofing on the decentralized OTR network, each node uses its hardware MAC address as a primary identifier for all local minting, validation, and broadcast operations. IP fallback is supported for edge cases or mixed environments.

Why MAC Address?

  • Immutable Identity: Unlike IPs, MAC addresses are hardcoded in network interfaces and resist spoofing without OS-level interference.
  • Offline Capable: MAC-based verification doesn’t rely on DHCP or DNS—critical in air-gapped or RF environments.
  • Persistent Trust Linkage: Every OTR node can cryptographically sign logs using a fingerprint derived from its MAC, ensuring consistent identity in CID logs, SafeSignal broadcasts, or validator earnings.

Implementation Highlights

  • Primary Auth Layer: All local requests to the OTR validator daemon or mint endpoints first check the MAC.
  • IP Fallback: If MAC fails or isn’t detectable (e.g., Docker on cloud VM), it falls back to IP-based mapping using /node/resolve.
  • MAC + Wallet Pairing: Nodes can register their MAC with a validator wallet, enabling autonomous trust bootstrapping at runtime.
  • QR Handshake Support: MAC addresses can be encoded in QR onboarding for air-gapped environments.

How it Works at home/office (Simplified for a Client):

1. Printer is running OTA Printer Node module

  • It registers itself on the OTR network using its MAC address (e.g., MAC_PRINTER_01)
  • Automatically joins the local MAC-authenticated subnet

2. Phone/Tablet wants to print

  • User’s device (e.g., phone) connects to the same OTR subnet (via Wi-Fi or BLE)
  • The phone runs the OTAwallet app or any OTR-compatible client
  • The client uses the /printer/discover API to find nearby printers by MAC

3. User sends a print job

  • The user selects a file or photo
  • The file is sent via /printer/job/send with:
    • Target MAC of the printer
    • Payload (document, image, etc.)
    • Optional: Metadata (number of copies, grayscale, etc.)

4. Printer node receives and prints

  • The node listens for jobs
  • Validates the job (signature, policy, CID if archived)
  • Starts printing
  • Logs a CID hash to IPFS for proof-of-job if enabled

5. User receives confirmation

  • Job status can be queried via /printer/job/status/:id
  • Optionally, it appears in the OTAwallet dashboard under “Recent Tasks”

Why MAC Mode Makes This Simple and Secure

  • No DHCP, no dynamic IP lookup — just MAC routing
  • Spoofing is mitigated by MAC allowlist + Proof of Authentication
  • Devices don’t need to “install” the printer — just discover and use via the API
  • Works even offline, since it can queue jobs and retry sync

Client Setup Needs

  • Phone or computer on OTR subnet (e.g., through patched router or node)
  • OTAwallet app or SDK installed
  • MAC pairing once (auto-saved)
  • That’s it — no drivers, no setup wizards