Closed darosior closed 3 years ago
We are going to use a specific feebump "hot" wallet. This allows CPFP management in the background.
Actually this involves re-generating YA set of keys, do we really want that @edouardparis @kloaec @JSwambo ? i.e. we'd have:
The configuration file starts to be bloated and this is not a good perspective of UX..
Today's meeting: we need to clarify the ceremony first.
Maybe automated CPFP is great in term of UX but not i term of security. Should we offer it as an option instead, either manual or auto? -> auto: hot wallet for fees -> manual: Revault-GUI pings user if CPFP required/recommended, need human confirmation on Hardware Wallet.
Regarding security "in-between", as CPFP is used for the Spend, this spend should be unique. A "HSM" mode (automated signing, but on a secure device) could be used with a strict policy of 1 output of (dust or similar set amount). This still allows burning fees, but not stealing the fee-wallet.
Up
It's going to be YA set of keys, there is no way around
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ Le lundi, mars 15, 2021 1:56 PM, Kevin Loaec @.***> a écrit :
Up
— You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub, or unsubscribe.
Yes, but WDYT about making automatic by default? I'm really wondering what's best, can't decide if it should or not.
I think it's more cumbersome both for the user and in coding workarounds, and that we can't just modify a settled decision at this point :/
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ Le lundi, mars 15, 2021 2:10 PM, Kevin Loaec @.***> a écrit :
Yes, but WDYT about making automatic by default? I'm really wondering what's best, can't decide if it should or not.
— You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub, or unsubscribe.
I think your suggestion of having a HSM for CPFP is largely in the overkill territory. It's not expected to hold a large amount of funds (like not at all).
Closing this as it's been addressed: we are going with YA set of keys..
We could reuse the unvault's ones but this requires the HSM to sign the transaction... Maybe that's too much overhead for a low-value fee wallet ?