Stephan
@stephancill
Something that concerns me about the fc signer architecture is how it increases the attack surface area for your account the more apps you allow to sign on your behalf. This limits the propensity for users to try new apps, especially if they have a large audience. Solutions: portable signers? Permissions? Sessions?
14 replies
7 recasts
55 reactions

vrypan |--o--|
@vrypan.eth
Rough idea, may not be feasible: Right now, a signer can either be approved or removed. There could be an intermediate state, something like "stopped". If a signer is stopped:
- New messages signed with it are not valid (but old ones are not pruned)
- It can only be removed (not approved again).
3 replies
0 recast
5 reactions
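
A minimal model of the "stopped" state proposed in the post above, as an added example that is not part of the thread or of any Farcaster code. `SignerRegistry`, its method names, the pruning on removal, and the rule that "new" means arrival after the stop are all assumptions made for illustration.

```python
from enum import Enum


class State(Enum):
    APPROVED = "approved"
    STOPPED = "stopped"    # the proposed intermediate state
    REMOVED = "removed"


# Allowed transitions: STOPPED can only move to REMOVED, never back to APPROVED.
TRANSITIONS = {
    State.APPROVED: {State.STOPPED, State.REMOVED},
    State.STOPPED: {State.REMOVED},
    State.REMOVED: set(),
}


class SignerRegistry:
    """Toy model of one account's signers and the messages stored for them."""

    def __init__(self):
        self.state = {}     # signer key -> State
        self.messages = {}  # signer key -> list of accepted message bodies

    def approve(self, key):
        if key in self.state:
            raise ValueError("a stopped or removed key cannot be approved again")
        self.state[key] = State.APPROVED
        self.messages[key] = []

    def transition(self, key, new_state):
        if new_state not in TRANSITIONS[self.state[key]]:
            raise ValueError(f"{self.state[key].value} -> {new_state.value} not allowed")
        self.state[key] = new_state
        if new_state is State.REMOVED:
            self.messages[key] = []  # assumption: removal prunes the signer's messages

    def submit(self, key, body, claimed_timestamp):
        # "New" is judged by arrival relative to the stop. The signer-supplied
        # timestamp is deliberately ignored: a stolen key could backdate it.
        if self.state.get(key) is not State.APPROVED:
            return False
        self.messages[key].append(body)
        return True
```
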

downshift
@downshift.eth
can’t they be set up to expire?
1 reply
0 recast
1 reaction

Steve
@stevedylandev.eth
I think @neynar is close to releasing something similar to scoped keys for their signer flow.
4 replies
0 recast
1 reaction

proxy
@proxystudio.eth
impermanent signatures? I'd be fine re-signing every week, just don't want to do it daily
2 replies
0 recast
1 reaction

Royal
@royalaid.eth
cc @accountless.eth
0 reply
0 recast
1 reaction

Nick T
@nt
Have thought about this as well. Would love to see some proposals around this.
1 reply
0 recast
1 reaction

TOM
@subtlegradient
This concept is not well understood. Not sure how much it influences user choice on the frontend. Feels more like an existential threat to the entire ecosystem that will only become apparent after an attack has already happened
1 reply
0 recast
2 reactions

KMac🍌 ⏩
@kmacb.eth
Anybody written a blog post about the challenges? I’m a bit left curve on this atm. Links / pointers appreciated
1 reply
0 recast
1 reaction

ccarella
@ccarella.eth
Can they be revoked, i.e. OAuth?
1 reply
0 recast
1 reaction

jon
@sweetleaf.eth
would love to see more granular controls for signers. not all signers are the same
time-locked transactions would be good for some, introduce a delay where someone can cancel a potentially malicious tx
permissions are 100% necessary imo
a delegate contract that you can manage signers through
1 reply
1 recast
4 reactions

Uncle Davo
@uncledavo
Was talking about it w @samuellhuber.eth a while ago. Even increasing legibility (seeing what messages have been signed by each signer) would be useful, especially as names for some signers differ from the app, or aggregate across a number of apps (for neynar apps?). makes it easier to decide what to revoke
1 reply
0 recast
2 reactions

Matthew Fox 🌐
@matthewfox
This issue lives rent free in my brain 🙃
1 reply
0 recast
1 reaction

nkemjika.eth
@nkemjika
How will portable signers and permissions work? Sessions would be great. Working on a client and drawing out a plan for sessions has been a worthy challenge
1 reply
0 recast
1 reaction

KMac🍌 ⏩
@kmacb.eth
889 $DEGEN
0 reply
0 recast
0 reaction