itai (building dynamic.xyz)
@itai
1/ 🚀 By popular demand, here's the getting started guide on passkeys! Learn what they are, their benefits, and usage—including their relation to web3 and embedded wallets. 🧵👇
10 replies
21 recasts
58 reactions
Jose Aguinaga
@jjpa
Good stuff! One part that’s worth mentioning is that wallets that rely in the API/Server model to authenticate wallets via Passkeys might be at risk of being “denied” access, even if only them can access the wallet. EIP-7212 is promising but there are already implementations that could use it, just not with AA
1 reply
0 recast
0 reaction
itai (building dynamic.xyz)
@itai
True, but I would argue that is true for pretty much any embedded wallet approach. That is, in a 2:2 MPC approach (Fireblocks, Coinbase WaaS etc) a share is held on a server, and technically the server can "deny" access to the share, and hence signing.
2 replies
0 recast
0 reaction
Jose Aguinaga
@jjpa
True to some extent. If I use the P256 verifier contract built by the @daimo team as means to control a wallet, there’s no way to “deny” signatures for that wallet. Also, Lit Protocol supposedly will be decentralized and thus can be used as a “permission-less” KMS. But yes, most MPC solutions have this flaw.
1 reply
0 recast
0 reaction
itai (building dynamic.xyz)
@itai
Yes you're right. There are clever solutions around this out there. I posted some more thoughts at the same time you posted the reply btw that I think clarify some things: https://warpcast.com/itai/0xd045a090
0 reply
0 recast
1 reaction
