Dan Finlay 🦊
@danfinlay
What if a site wants to manage a key directly, but have it derived from the user's wallet? This seems like a growing use case with embedded wallets. Should we have a method that just passes sites keys that are generated deterministically to their domains? https://ethereum-magicians.org/t/wallet-getexposedappkey/20958
4 replies
1 recast
47 reactions

Dean Pierce 👨‍💻🌎
@deanpierce.eth
Is private key information touching the network? I feel like crypto rule #1 is "never put your privates on the Internet". Maybe the site can, on the backend, generate an HD root key that can then be blessed by the user such that the site can generate new time-bound ephemeral keys as needed. It's scary enough having keys floating in the site's origin just in the local browser 😅 Either way, passing private keys around seems dirty.
1 reply
0 recast
1 reaction

Dan Finlay 🦊
@danfinlay
Yeah, I largely agree. I’d prefer to never move keys, and wish sites existed that could not phone home, and could be static. The modern browser makes things that would ideally be great be dangerous. Even exposing a signing interface (as many of the session key implementations are doing) has a similar issue: any dependency on those sites can also sign freely.
0 reply
0 recast
1 reaction