CIP-100: Make witnessing optional + add CIP-08 message signing #757

Closed
Ryun1 opened this issue Jan 31, 2024 · 5 comments

@Ryun1
Collaborator

Ryun1 commented Jan 31, 2024

  • Currently CIP-100 makes witnessing by authors required.
    • Enforcing this seems overkill and probably not required for the majority of governance metadata anchors, whereby the author is also very highly likely to be the submitter.
  • Currently CIP-100 only offers ED25519 signatures for witnessing
    • This makes sense but will make implementation with current wallet-dapp setups hard, as these only support the CIP-05 signing spec.
    • I think we should add the ability for CIP-05 message signing.

Thoughts?

cc: @Quantumplation @Crypto2099

@Quantumplation
Contributor

Quantumplation commented Jan 31, 2024

I don't think we should make witnessing by the authors not required, as there are a bunch of subtle attacks related to impersonation, and making it more difficult to verify the veracity of a document shouldn't be something we do IMO.

That being said, it is totally reasonable to leave the authors field an empty list if you don't want to sign it. You're just not making any claims about the authorship.

There's also nothing stopping the tooling / explorers from showing a field for which Cardano address (and/or ada handle) published the transaction on chain, so it's totally reasonable to show "This proposal has no explicit authors, but it was published on chain by $pi" for example.

As for ED25519, CIP-100 just offers a default, and even suggests that the standard will be extended by other mechanisms (DIDs, different curves, etc.); so, yes, if you wanted to add a new signing method, that'd be a new CIP to specify the vocabulary for interpreting that specification.

Though, I'm not sure what you mean by CIP-05, that seems to be a list of bech32 prefixes. I'll assume you meant CIP-0008. I don't initially see anything wrong with adding CIP-0008 support: embed the canonicalized form of the document inside a COSE envelope and then sign that envelope (or the hash of that envelope).

@Ryun1 Ryun1 changed the title CIP-100: Make witnessing optional + add CIP-05 message signing CIP-100: Make witnessing optional + add CIP-08 message signing Jan 31, 2024
@Ryun1
Collaborator Author

Ryun1 commented Feb 1, 2024

> That being said, it is totally reasonable to leave the authors field an empty list if you don't want to sign it. You're just not making any claims about the authorship.

For the majority of the anchors the transaction has to be signed with supporting author's credential. DRep registration, DRep update, CC resign and votes. In all of these cases I don't see how or why authorship cannot be implied from the transaction signature. The only application I can see where multiple authors could be applied is for governance action anchors.

> Though, I'm not sure what you mean by CIP-05, that seems to be a list of bech32 prefixes. I'll assume you meant CIP-0008. I don't initially see anything wrong with adding CIP-0008 support: embed the canonicalized form of the document inside a COSE envelope and then sign that envelope (or the hash of that envelope).

yup my bad, I meant CIP-05. Without reusing CIP-05 signing here I think we will have to expect quite a lot of work on the behalf of wallet implementors.

@Quantumplation
Contributor

@Ryun1 Sure, and so in that case I would suggest the authors field be empty, and it use only the on-chain signature as verification, and tooling can display the ada handle, etc.

But allowing you to leave off the signature leaves a level of indirection that is dangerous, IMO. It's another wrinkle to the spec that tooling authors have to think through and say "oh ok, if the signature is absent, I have to check that it matches the transaction that published it"; it means you also can't validate the veracity of a document with only the document itself, you must have access to the on-chain transaction it came from, etc.

> yup my bad, I meant CIP-05

Heh, you mean CIP-08 😅 And yea, adding CIP-08 as an additional signing standard seems like a reasonable extension to me.

@Ryun1
Collaborator Author

Ryun1 commented Feb 2, 2024

@Quantumplation
I really appreciate you taking the time here Pi 🙏

> Sure, and so in that case I would suggest the authors field be empty, and it use only the on-chain signature as verification, and tooling can display the ada handle, etc.

Gotcha, I think this is what we will pursue for the first iteration of the governance tools we are building.

> it means you also can't validate the veracity of a document with only the document itself, you must have access to the on-chain transaction it came from, etc.

This is a good point, but at the same time, the pub key and witness do really only gain value when the pub key's on-chain history is indexed.

> Heh, you mean CIP-08 😅 And yea, adding CIP-08 as an additional signing standard seems like a reasonable extension to me.

😅
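
An added example (not part of this thread, and not CIP-100 reference code) of the document-only check discussed above: an empty `authors` list makes no authorship claim, while every named author must carry a valid Ed25519 witness. The field names, the sorted-key JSON canonicalization and the SHA-256 digest are assumptions standing in for whatever the spec defines.

```javascript
const crypto = require('crypto');

// Assumption: sorted-key JSON + SHA-256 stand in for the spec's
// canonicalization and hash; field names are illustrative.
function canonicalize(v) {
  if (Array.isArray(v)) return '[' + v.map(canonicalize).join(',') + ']';
  if (v && typeof v === 'object') {
    return '{' + Object.keys(v).sort()
      .map((k) => JSON.stringify(k) + ':' + canonicalize(v[k])).join(',') + '}';
  }
  return JSON.stringify(v);
}
const bodyDigest = (body) =>
  crypto.createHash('sha256').update(canonicalize(body)).digest();

// Author side: Ed25519 signature over the digest of the canonical body.
function makeAuthor(name, body, { publicKey, privateKey }) {
  return { name, witness: {
    witnessAlgorithm: 'ed25519',
    publicKey: publicKey.export({ type: 'spki', format: 'der' }).toString('base64'),
    signature: crypto.sign(null, bodyDigest(body), privateKey).toString('base64'),
  } };
}

// Tooling side: decide what may be displayed using only the document.
function checkAuthors(doc) {
  const authors = Array.isArray(doc.authors) ? doc.authors : [];
  if (authors.length === 0) return { status: 'no-authorship-claim', names: [] };
  try {
    const digest = bodyDigest(doc.body);
    for (const a of authors) {
      const w = a.witness;
      if (!w || w.witnessAlgorithm !== 'ed25519') throw new Error('no usable witness');
      const key = crypto.createPublicKey(
        { key: Buffer.from(w.publicKey, 'base64'), format: 'der', type: 'spki' });
      if (key.asymmetricKeyType !== 'ed25519') throw new Error('wrong key type');
      if (!crypto.verify(null, digest, key, Buffer.from(w.signature, 'base64'))) {
        throw new Error('bad signature');
      }
    }
  } catch (e) {
    return { status: 'invalid', names: [] }; // a named author lacks a valid witness
  }
  return { status: 'verified', names: authors.map((a) => a.name) };
}

// Constructed sample data.
const keys = crypto.generateKeyPairSync('ed25519');
const body = { title: 'Sample proposal', abstract: 'Constructed for this example' };
const signed = { body, authors: [makeAuthor('alice', body, keys)] };
const tampered = { ...signed, body: { ...body, title: 'Edited after signing' } };
const anonymous = { body, authors: [] };
```

A `verified` result only shows that the listed key signed this body; tying that key to an identity is the separate indexing question raised in the comment above.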

@Ryun1
Collaborator Author

Ryun1 commented Feb 4, 2024

Closing as I have moved the outcomes of these discussions to #632

@Ryun1 Ryun1 closed this as completed Feb 4, 2024