Tony D’Addeo
@deodad
7702
- EOA key still needs to be stored
- passkey signing is blind and confusing since the system UIs can’t be changed and refer to signing in
- passkey sync has holes (x platform)
- session keys UX unclear: how are keys requested? what’s the trade off between exposing complexity to users around restrictions vs making it magic but users don’t know what they’re approving?
10 replies
5 recasts
48 reactions
Mikko
@moo
Most Ethereum signing, outside very basic transactions, is basically blind because Ethereum does not have human-readable transactions. It's not just 7702 or something it could fix. Or anyone could fix.
1 reply
0 recast
5 reactions
Tony D’Addeo
@deodad
good point but it’s even slightly worse here in that you don’t even know you’re doing a crypto tx
3 replies
0 recast
3 reactions
jxom
@jxom
Secp256k1 is even worse, there's no "prompt" at all. ;) We have normalized the pattern of Wallets interfacing over Secp256k1 signing (i.e. browser extensions, WalletConnect, etc), so same goes for Passkey signing.
3 replies
0 recast
3 reactions
Mikko
@moo
If you try a "good" Passkey wallet like Bako for Fuel you know that you are signing a crypto transaction: https://www.bako.global/
Because the UX flow is
1. You initiate a tx in your Dapp
2. You get redirected to Bako website
3. This website will prompt you with a Passkey signing request, having a page open display the transaction inputs
I can send you some ETH on Fuel if you want to test it out. Maybe do a screenshot later.
0 reply
0 recast
0 reaction
Mikko
@moo
Maybe WebAuthn 2.0 one day
0 reply
0 recast
0 reaction