Closed darosior closed 2 years ago
I don't think it should be a non-final PSBT anymore. Rather, an extension to the messages to include additional signatures.
An instance of a policy: an OTC desk uses Revault with a 2/3 threshold for managers. They have a policy on the maximum Unvaultable amount of 10k. However if all managers sign, the limit is lifted up to 50k.
Ack for the policy being sensible.
What about passing this info to the WT? A Get_Spend_Sigs message and Spend_Sigs response, or, more efficiently, adding an additional sigs field to the response to Get_Spend_Tx?
Well, the point is to pass it to the WT in order to have such a policy. Regarding how to achieve it, I initially wanted to use a non-finalized PSBT with more partial_sigs than is necessary, but I'm finally leaning toward an additional_sigs field in [set/get]_spend_tx.
It was discussed during today's meeting, where it was pointed out that while the feature described here may be desirable, having the user sign a Spend transaction is probably a wrong, implicit, way of achieving the goal. For instance, it could give a weird UX that the 3rd manager (taking back the 2/3 threshold instance above) would approve a specific Spend transaction, while the 2 other managers can just choose to not use it.
It can be argued that a participant in a 2-of-3 must be aware that the 2 other parties can "collude against" them. But there is no reason to not make the "acknowledgement to Unvault more than X BTC" explicit. It could even be a more generalized means, like "forwarding signed messages to the WTs through the coordinator".
Closing in favour of such a mechanism, for the future (tm).
This would allow for policies on the number of managers of a threshold who signed a Spend with a specific set of Unvaults. Still need to examine the drawbacks (especially with regard to the size of the non-finalized PSBT).