Content pfp
Content
@
https://warpcast.com/~/channel/fc-updates
0 reply
0 recast
0 reaction
Varun Srinivasan pfp
Varun Srinivasan
@v
FIP: Farcaster Connect An update to the Sign in with Farcaster (FIP-11) proposal to support request from wallets other than Warpcast. Feedback welcome! https://github.com/farcasterxyz/protocol/discussions/204
9 replies
17 recasts
69 reactions
vrypan |--o--| pfp
vrypan |--o--|
@vrypan.eth
Farcaster has a reliable, decentralized, two-way channel between the service the user wants to use and the app. Why not use it as the transport layer and get rid of the delicate dance between all these servers? If I want to use Farcaster Connect on service ABC, ABC should post a delta that my app receives (actually, *all my apps*), offers me a way to sign it and post the rely back to Farcaster where ABC will see it. Will require a new message type, but it will be simpler, more resilient to failures and decentralized.
1 reply
0 recast
0 reaction
Varun Srinivasan pfp
Varun Srinivasan
@v
passing a message through a decentralized network is slower, more complicated and less resilient to failures vs using a relay server. it also has no privacy. everyone in the world now knows which app you're trying to connect to, which is not good. it's not also a big win in terms of decentralization. the relay server is open source, if you dont like how we run it, you can run your own and call it "XYZ Connect".
1 reply
0 recast
1 reaction
vrypan |--o--| pfp
vrypan |--o--|
@vrypan.eth
Theoretical scenario: I scanned a QR code with my favorite FC client. The QR code requested that I sign a secret nonce and "cast" it: NONCE_123456 0xf652f2a1d32fe39ed2aa1f9c5166317fc7d6a00ea380db20a54bc99b0f4cd8491dd734e296a152678dd1448412a2490e22085be3613fb5d8c65ffe9dba97ec00 No privacy leak. It can't be any simpler from my point of view. Anyway, app devs have the first word here, just shared the idea.
1 reply
0 recast
0 reaction
Varun Srinivasan pfp
Varun Srinivasan
@v
The first problem remains unsolved. It’s slower, more complicated to poll hubs vs an HTTP endpoint. App devs who use FC Connect may not ever talk to a hub, now it’s in their critical path. It also now pushes more complexity to app devs which is maintaining nonces, which is non trivial in practice. The thing that I’d push on here is what is the attack vector for a malicious relay? If you can’t do a lot of damage perhaps decentralizing it should not be a focus.
1 reply
0 recast
0 reaction