Open vgrichina opened 3 years ago
Adding the security tag, since it involves private keys and, overall, healthy token custody.
Can we use this one to include (but not enable) features to:
1. Logout and End Session: The idea is to have a button that logs out (deletes keys) of any browsers other than the currently used one. It's not exactly a "logout" feature, but gets quite close.
2. Support Rainbow Bridge: Any way to have the Ledger sign a smaller payload?
@jimmy3dita so I think Logout and End Session might be very related, but Rainbow Bridge support is not.
Rainbow Bridge needs to separate creating a request (no user approval should be required) and validating a request (user approval is required and the transaction actually contains something the user can verify). Approving a large blob on Ledger would be an anti-pattern, as the user won't be able to verify the content (not to mention it is very hard technically when the transaction won't fit into RAM).
Story
As a USER who had a lot of keys before enabling Ledger, I want to remove all the extra keys in the smallest number of transactions possible so that I don't have to confirm each of them separately on Ledger.
Acceptance Criteria
Unhappy Path
User can reject one of the transactions. Wallet should offer to continue without remaining keys or to try removing them again.
An attacker (or a wallet bug) can try to fool the user into removing the same key as managed by Ledger. This can be detected by the Ledger app (as it knows its own key) and we should disallow proceeding.
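A sketch of the story and both unhappy paths above, as an added example that is not code from the wallet or the Ledger app. All function names, the `{ type: 'DeleteKey', publicKey }` action shape, the batch size of 4 and the sample keys are assumptions made for illustration.

```javascript
// Assumed limit: how many delete actions fit into one on-device review.
const MAX_DELETES_PER_TX = 4;

// Wallet side: group every non-Ledger key into as few transactions as possible.
function planKeyRemoval(accessKeys, ledgerKey, maxPerTx = MAX_DELETES_PER_TX) {
  const targets = [...new Set(accessKeys)].filter((k) => k !== ledgerKey);
  const txs = [];
  for (let i = 0; i < targets.length; i += maxPerTx) {
    const actions = targets
      .slice(i, i + maxPerTx)
      .map((publicKey) => ({ type: 'DeleteKey', publicKey }));
    txs.push({ actions });
  }
  return txs;
}

// Signer side: independent check, because the wallet may be buggy or compromised.
function signerAllows(tx, ownKey) {
  return !tx.actions.some((a) => a.type === 'DeleteKey' && a.publicKey === ownKey);
}

// Run the plan. `approve(tx)` stands in for the user's confirm/reject on the device.
// On rejection or a blocked transaction, stop and report what is still on the account
// so the wallet can offer "continue without the remaining keys" or "try again".
function runPlan(txs, ownKey, approve) {
  const removed = [];
  const keysOf = (list) => list.flatMap((t) => t.actions.map((a) => a.publicKey));
  for (let i = 0; i < txs.length; i++) {
    if (!signerAllows(txs[i], ownKey)) {
      return { status: 'blocked', removed, remaining: keysOf(txs.slice(i)) };
    }
    if (!approve(txs[i])) {
      return { status: 'rejected', removed, remaining: keysOf(txs.slice(i)) };
    }
    removed.push(...keysOf([txs[i]]));
  }
  return { status: 'done', removed, remaining: [] };
}

// Constructed sample data: one Ledger key plus five older browser keys.
const LEDGER_KEY = 'ed25519:LEDGER-SAMPLE';
const SAMPLE_KEYS = [LEDGER_KEY, 'ed25519:K1', 'ed25519:K2', 'ed25519:K3',
  'ed25519:K4', 'ed25519:K5'];
const samplePlan = planKeyRemoval(SAMPLE_KEYS, LEDGER_KEY); // 2 transactions, not 5
```

To retry after a rejection, feed `remaining` back into `planKeyRemoval`; a `blocked` result should not be retried.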