revault / practical-revault

Version 0 specifications for a Revault deployment
Creative Commons Attribution 4.0 International

What keys to use in the CPFP descriptor? #55

Closed darosior closed 3 years ago

darosior commented 3 years ago

We could reuse the unvault's ones but this requires the HSM to sign the transaction... Maybe that's too much overhead for a low-value fee wallet?

darosior commented 3 years ago

We are going to use a specific feebump "hot" wallet. This allows CPFP management in the background.

darosior commented 3 years ago

Actually this involves re-generating YA set of keys, do we really want that @edouardparis @kloaec @JSwambo? i.e. we'd have:

The configuration file starts to be bloated and this is not a good perspective of UX.

darosior commented 3 years ago

Today's meeting: we need to clarify the ceremony first.

kloaec commented 3 years ago

Maybe automated CPFP is great in terms of UX but not in terms of security. Should we offer it as an option instead, either manual or auto?

-> auto: hot wallet for fees
-> manual: Revault-GUI pings user if CPFP required/recommended, need human confirmation on Hardware Wallet.

Regarding security "in-between", as CPFP is used for the Spend, this spend should be unique. A "HSM" mode (automated signing, but on a secure device) could be used with a strict policy of 1 output of (dust or similar set amount). This still allows burning fees, but not stealing the fee-wallet.

kloaec commented 3 years ago

Up

darosior commented 3 years ago

It's going to be YA set of keys, there is no way around

On Monday, March 15, 2021 1:56 PM, Kevin Loaec wrote:

> Up


kloaec commented 3 years ago

Yes, but WDYT about making it automatic by default? I'm really wondering what's best, can't decide if it should or not.

darosior commented 3 years ago

I think it's more cumbersome both for the user and in coding workarounds, and that we can't just modify a settled decision at this point :/

On Monday, March 15, 2021 2:10 PM, Kevin Loaec wrote:

> Yes, but WDYT about making it automatic by default? I'm really wondering what's best, can't decide if it should or not.


darosior commented 3 years ago

I think your suggestion of having an HSM for CPFP is largely in the overkill territory. It's not expected to hold a large amount of funds (like not at all).

Closing this as it's been addressed: we are going with YA set of keys.