Content pfp
Content
@
0 reply
0 recast
0 reaction

Daniel pfp
Daniel
@damoos
I'm worried that Signers are not automatically expiring at some point. This is a common practice in web2 (for API keys / tokens) and I believe Farcaster would greatly benefit form this as well (using a Farcaster epoch based timestamp). any thoughts on this @stephancill @samuellhuber.eth ?
2 replies
0 recast
2 reactions

Stephan pfp
Stephan
@stephancill
a big difference vs web2 is that there is an explicit cost to creating a signer in the form of gas fees. this has way different UX implications to web2 API keys so it's not as simple as just expiring them unfortunately i do agree that this is an important issue issue that needs to be addressed though
2 replies
0 recast
1 reaction

Samuel pfp
Samuel
@samuellhuber.eth
the second big difference: once a signer expires e.g. my SSH Keys to my Git I can 1) extend them 2) let them expire and keep what I did farcaster deletes everything once a signer is expired, that would need to change. We'd only deelte everything on signer revokation, not expiry so it can expire gracefully
1 reply
0 recast
1 reaction

Daniel pfp
Daniel
@damoos
If I understood the concept correctly Signers do not expire yet but rather can be removed completely (which will prune all messages that are signed by that key). Expiring a key does not necessarily remove it from the list thus messages should not be pruned imho.
1 reply
0 recast
0 reaction