- I think we need a **versioned doc** (e.g. on https://dev.network.canton.global/) describing **which IPs get allowlisted to which endpoint** - e.g. I think I’m currently giving validators access to cometbft, and I’m not actually sure if they are supposed to have that access - I don’t see this taking a ton of effort, other than maybe answering questions that we really should be asking ## More context - This is a duplicate of [this issue](https://github.com/DACH-NY/canton-network-node/issues/8428) within CN's internal repo - I also had this in our meetings doc and wayne asked I move it here ## IEU's comment from the SV doc - IEU: Agree that we need this - Hard to know which IPs to whitelist to which endpoints; need to manage multiple security groups - Need documentation showing what should be accessed by / open to whom
