From: Robert Spigler <RobertSpigler@protonmail.ch>
To: "bitcoin-dev@lists.linuxfoundation.org"
<bitcoin-dev@lists.linuxfoundation.org>
Subject: [bitcoin-dev] PSBT Security Standard
Date: Sun, 23 Aug 2020 22:07:38 +0000 [thread overview]
Message-ID: <8CmLbHXXpuOUrV26QPKkE9vx4n44wAaFXHQ1z5F0UdV-M8ypEssmOoMGUQiG3RlIrS9Za-lP0-G3ARIb6icDK4yn90fxlQXwBJa58CQMRuo=@protonmail.ch> (raw)
[-- Attachment #1: Type: text/plain, Size: 1572 bytes --]
Hello All,
In the past, discussions around how to securely store/use/setup PSBT's have been decided as out of scope for BIP 174 - "it is not a specification of how hardware wallets should behave, it is a description of a data structure and the abstract workflow around it"
For example, Nicolas Dorier had many concerns around a year ago during the global xpub field discussions, and Electrum Wallet devs and Sjors Provoost have had various discussions on how to coordinate multisig wallets and represent cosigners securely (1. what do cosigners need: xfp, derivation prefix, xpub, script type; 2. needs to be forward thinking: work with Musig, Lightning, Taproot, Native Descriptor Wallets, etc; 3. how do we authenticate across devices, ensure PSBT's haven't been changed en route, defend against change attacks, etc - Bob McElrath had some interesting ideas on these).
Jonathan Underwood's PSBT_GLOBAL_XPUB_SIGNATURE addition to BIP174 helps with some of these, but it is not a finalized BIP yet, and while the global xpub field is, it is not pulled into Core yet.
What do people think of the idea of expanding or creating a new, more descriptive BIP on how to securely use PSBT's?
IMO, especially since Core has been merging more PR's on the work around offline/multisig use, this has become more important.
Last time I discussed this, Glenn Willen and Luke Dashjr thought this was a good idea, with Luke offering a Bitcoin Wiki page for the short term, but that was a few months ago and I thought I would open this idea to the general community.
-Robert Spigler
[-- Attachment #2: Type: text/html, Size: 1833 bytes --]
reply other threads:[~2020-08-23 22:07 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='8CmLbHXXpuOUrV26QPKkE9vx4n44wAaFXHQ1z5F0UdV-M8ypEssmOoMGUQiG3RlIrS9Za-lP0-G3ARIb6icDK4yn90fxlQXwBJa58CQMRuo=@protonmail.ch' \
--to=robertspigler@protonmail.ch \
--cc=bitcoin-dev@lists.linuxfoundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox