Closed P3B closed 3 years ago
-Remove unique address per transaction requirement
Are there meeting notes / expanding the rationale of this change.. first glance seems like a non-trivial change, so interested to learn what precipitated the change in thinking on this guideline.
-Remove unique address per transaction requirement
Are there meeting notes / expanding the rationale of this change.. first glance seems like a non-trivial change, so interested to learn what precipitated the change in thinking on this guideline.
@jsmith-dev Thanks for the inquiry!
The committee has been discussing this very control for quite a while, so the decision wasn't made lightly. I'm happy to share some of the background that led to the ultimate change confirmed in this PR.
First some background on the original purpose of the control. There were two reasons why unique addresses per transaction were believed to improve the security of an organizations overall cryptocurrency posture:
Another important piece of background, the initial draft of the CCSS was originally released February 2015, several months before the launch of Ethereum's mainnet went live - a blockchain that uses account based addresses rather than the UTXO style we were all accustomed to.
So with that all in mind, now 6 years after that initial draft, what has led to the removal of this control?
That last point is certainly important, due to the way Ethereum handles addresses, it was basically impossible for any system that deals with Ethereum to be compliant with the CCSS. A basic (non-smart contract) transaction on Ethereum is unable to specify multiple recipients so even a simple scenario of sending ETH from one address to another would require one transaction for the initial send, and a second transaction to move change to a new address. This paradigm just doesn't make sense here.
Anecdotally, some of us had been assessing businesses who had wonderful mature controls in place, but since they also deal with Ethereum they either had to put some kludgy work-around in place to be compliant, or accept that they weren't able to meet the requirements of the standard.
It wasn't always Ethereum either. I personally run a project that re-uses Bitcoin, Litecoin, Dogecoin, and Defcoin addresses as an intentional design choice and to date had just accepted it wasn't compliant with the CCSS regardless of the other controls we have in place.
These difficulties across the industry were very likely the catalyst for the discussion on if this control was still appropriate, but we certainly didn't want to relax a control purely for the sake of making the standard easier to meet.
Looking back at the two reasons for the control initially, our discussion came to two important conclusions:
I hope this has helped to explain the reasoning for the change to this control. Of course, we always welcome input and suggestion from the community so please do speak up if you have additional concerns we may not have considered.
The changes listed here match my memory of the meeting
I've also reviewed the changes in this PR and agree that they match the outcome of the committee discussions.
Formatting also looks correct for the static page generation.
The following changes were approved by the CCSS Steering Committee at the Q1 meeting.
Changes: -Add documentation requirement for policies and procedures -Update standard to state testing covers an effective period -Remove deterministic wallet requirement -Remove unique address per transaction requirement