Content pfp
Content
@
0 reply
0 recast
0 reaction
Stephan pfp
Stephan
@stephancill
Something that concerns me about the fc signer architecture is how it increases the attack surface area for your account the more apps you allow to sign on your behalf This limits the propensity for users to try new apps especially if they have a large audience Solutions: portable signers? Permissions? Sessions?
25 replies
23 recasts
116 reactions
vrypan |--o--| pfp
vrypan |--o--|
@vrypan.eth
Rough idea, may not be feasible: Right now, a signer can either be approved or removed. There could be an intermediate state, something like "stoped". If a signer is stoped: - New messages signed with it are not valid (but old ones are not pruned) - It can only be removed (not approved again).
3 replies
0 recast
7 reactions
KMac🍌 ⏩ pfp
KMac🍌 ⏩
@kmacb.eth
Anybody written a blog post about the challenges? I’m a bit left curve on this atm. Links / pointers appreciated
1 reply
0 recast
3 reactions
TOM pfp
TOM
@subtlegradient
This concept is not well understood. Not sure how much it influences user choice on the frontend. Feels more like an existential threat to the entire ecosystem that will only become apparent after an attack has already happened
1 reply
0 recast
4 reactions
ccarella pfp
ccarella
@ccarella.eth
Can they be revoked, ie oAuth?
1 reply
0 recast
3 reactions
downshift pfp
downshift
@downshift.eth
can’t they be setup to expire?
1 reply
0 recast
1 reaction
Steve pfp
Steve
@stevedylandev.eth
I think @neynar is close to releasing something similar to scoped keys for their signer flow.
4 replies
0 recast
4 reactions
jon pfp
jon
@jonbray.eth
would love to see more granular controls for signers. not all signers are the same time-locked transactions would be good for some, introduce a delay where someone can cancel a potentially malicious tx permissions are 100% necessary imo a delegate contract that you can manage signers through
1 reply
1 recast
6 reactions
Uncle Davo pfp
Uncle Davo
@uncledavo
Was talking about it w @samuellhuber a while ago. Even increasing legibiity (seeing what messages have been signed by each signer) would be useful, especially as names for some signers differ from the app, or aggregate across a number of apps (for neynar apps?). makes it easier to decide what to revoke
1 reply
0 recast
3 reactions
Matthew Fox pfp
Matthew Fox
@matthewfox
This issue lives rent free in my brain 🙃
1 reply
0 recast
2 reactions
Nick T pfp
Nick T
@nt
Have thought about this as well. Would love to see some proposals around this.
1 reply
0 recast
2 reactions
KMac🍌 ⏩ pfp
KMac🍌 ⏩
@kmacb.eth
889 $DEGEN
0 reply
0 recast
1 reaction
nkemjika.eth pfp
nkemjika.eth
@nkemjika
How will portable signers and permissions work? Sessions would be great. Working on a client and drawing out a plan for sessions has been a worthy challenge
1 reply
0 recast
1 reaction
proxy pfp
proxy
@proxystudio.eth
impermanent signatures? I'd be fine resigning every week, just don't want to do it daily
2 replies
0 recast
1 reaction
Royal pfp
Royal
@royalaid.eth
cc @accountless.eth
0 reply
0 recast
1 reaction
Yanona 🎩🔵🎭 pfp
Yanona 🎩🔵🎭
@yanona
danger... 😢
0 reply
0 recast
0 reaction
burik🎩 pfp
burik🎩
@burik
nice
0 reply
0 recast
0 reaction
Max 🎩 🎭 pfp
Max 🎩 🎭
@chungco79
I'm here, man ❤️
0 reply
0 recast
0 reaction
Juliia Ben pfp
Juliia Ben
@juliia
Very informative! What further research do you plan on this topic?
0 reply
0 recast
0 reaction
Infinite pfp
Infinite
@ifun
I really enjoyed your post! Do you have any related projects you are working on? Diversifying your projects can broaden your expertise and impact.
0 reply
0 recast
0 reaction