bitshares / ledger-app-bitshares

Bitshares Wallet App for Ledger Nano S
Apache License 2.0

Ability to sign messages in a standardized container format #21

Open christophersanborn opened 5 years ago

christophersanborn commented 5 years ago

One excellent use case for BitShares would be as a source of identity, and signing messages with keys belonging to a BitShares account would be a way of achieving authentication.

One way to achieve this would be to allocate an instruction (INS) byte to a method to sign arbitrary messages. Then, authentication challenges could be signed. HOWEVER, if we allow signing of truly arbitrary data, it's possible the user could unwittingly sign a malicious transaction.

So we want to allow signing, but we want to allow it only for messages wrapped in a specified container format (or a multiplicity of supported container formats, if desired), so that it becomes impossible to construct a "message" that also looks like a transaction.

But once a message/container format is decided upon, we could allow signing of messages via this app.

christophersanborn commented 5 years ago

@clockworkgr — This issue is for you!

Please feel free to advise on message container formats or anything else that elucidates what our app would need to do in order to support your use cases for message signing.

clockworkgr commented 5 years ago

I was actually about to submit the same issue.

Format currently in use in Beet is this:

https://github.com/bitshares/beet/blob/develop/src/lib/blockchains/BlockchainAPI.js#L75-L83

Ideally it would have been a serialised JSON object. Unfortunately JavaScript does not guarantee properties to be ordered in any way. So serialization would possibly yield different order strings leading to different hashes, leading to an inability to verify.

Thus we use a list/array to guarantee serialization order.

Personally I don't like it but haven't come up with anything better yet.
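The ordering problem and the list-based workaround discussed in this thread, as an added example that is not part of the original comments and is not Beet's or the Ledger app's code. The field names, the `signed-message-v1` tag and all values are assumptions constructed for illustration; the tag stands in for whatever marker a chosen container format would use so that a signer can refuse anything that is not a message container.

```javascript
// Constructed sample: the same logical message, properties inserted in different order.
const msgA = { from: 'alice-account', key: 'PUBKEY_PLACEHOLDER',
               time: '2019-01-01T00:00:00Z', text: 'login challenge 1234' };
const msgB = { text: 'login challenge 1234', time: '2019-01-01T00:00:00Z',
               key: 'PUBKEY_PLACEHOLDER', from: 'alice-account' };

// Object serialization follows insertion order, so two parties holding the
// "same" message can produce different bytes, and therefore different hashes.
function serializeObject(msg) {
  return JSON.stringify(msg);
}

// Hypothetical container: a fixed tag followed by the fields in a fixed order.
const CONTAINER_TAG = 'signed-message-v1';
const FIELD_ORDER = ['from', 'key', 'time', 'text'];

function serializeContainer(msg) {
  const fields = FIELD_ORDER.map((name) => {
    if (typeof msg[name] !== 'string') {
      throw new TypeError(`missing or non-string field: ${name}`);
    }
    return msg[name];
  });
  // An array keeps its element order, so the output bytes are deterministic.
  return JSON.stringify([CONTAINER_TAG, ...fields]);
}

// Signer-side gate: only sign payloads that are exactly a well-formed container.
function isSignableContainer(payload) {
  let parsed;
  try {
    parsed = JSON.parse(payload);
  } catch {
    return false; // not JSON at all, e.g. raw binary data
  }
  if (!Array.isArray(parsed)) return false;
  if (parsed.length !== FIELD_ORDER.length + 1) return false;
  if (parsed[0] !== CONTAINER_TAG) return false;
  if (!parsed.every((item) => typeof item === 'string')) return false;
  // Reject non-canonical encodings (extra whitespace, escapes) of the same data.
  return JSON.stringify(parsed) === payload;
}

console.log(serializeObject(msgA) === serializeObject(msgB));       // object form
console.log(serializeContainer(msgA) === serializeContainer(msgB)); // list form
console.log(isSignableContainer(serializeContainer(msgA)));
```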