mochet
commented
6 months ago I think just to add an update on this issue:
- At the time it was written we had no hardware wallet support. We have Polkadot Vault support now. Therefore it isn't really that critical anymore.
- The "proxy" pallet seems like it would solve this with a wider scope and possibly easier to implement also
Background
Compromising keys of CMs is one of the easiest ways to attack the DAO, and currently there is no easy way for a CM to use offline key management, because the same keys are used for all sorts of activies, like forum, proposal discussion, election activity, etc.
Proposal
Allow having separate keys specified with the candidacy, which are used for voting, not the normal controller keys of the CM.