Force Watch-Only on Torgap Hosted bitcoin-core install

[ChristopherA]

@Fonta1n3:

Is there some RPC command that we can set in bitcoin-core such that, when blacklisted (inverse of the RPC whitelist https://github.com/bitcoin/bitcoin/issues/12248) on a remote VPS full-node, would allow all the watch-only features that Gordian Wallet needs to do cool & cold policy-based accounts, but would not allow a user to put private keys or xprvs on the remote server?

If this was possible, and if Gordian Wallet could detect this blacklist in advance, this would allow Blockchain Commons to offer a free Torgap watch-only service for our mainnet beta like currently we do for testnet, and also allow users to use their own watch-only install using Bitcoin Standup on a VPN more safely.

• [ ] What RPC command(s) could we blacklist?
• [ ] Does blacklisting that command sufficient?
• [ ] Will all the other commands needed for watch-only cool and cold policy scenarios still function?
• [ ] Can Gordian Wallet determine that the full node has blacklisted that command, and not allow warm policy scenarios.
• [ ] Should QuickConnect 2.0 tell a client that this Torgap is restricted watch-only full-node server?

/cc @jeremyrubin @kallealm @wolfmcnally @hxw

[Fonta1n3]

@Fonta1n3:

Is there some RPC command that we can set in bitcoin-core such that, when blacklisted (inverse of the RPC whitelist bitcoin/bitcoin#12248) on a remote VPS full-node, would allow all the watch-only features that Gordian Wallet needs to do cool & cold policy-based accounts, but would not allow a user to put private keys or xprvs on the remote server?

Yes.

If this was possible, and if Gordian Wallet could detect this blacklist in advance, this would allow Blockchain Commons to offer a free Torgap watch-only service for our mainnet beta like currently we do for testnet, and also allow users to use their own watch-only install using Bitcoin Standup on a VPN more safely.

It is a matter of whitelisting specific rpc commands as Gordian Server currently does, if the command is not on the whitelist it is implicitly "blacklisted".

• [ ] Does blacklisting that command sufficient?

We need to remove "warm" wallets from the UI in GW, so that all wallets are created with disable_private_keys = true.

• [ ] Will all the other commands needed for watch-only cool and cold policy scenarios still function?

Yes.

• [ ] Can Gordian Wallet determine that the full node has blacklisted that command, and not allow warm policy scenarios.

When I run bitcoin-cli getrpcwhitelist I get an error, maybe its coming in 0.21?