!RpNPZIWlfMJbSvGAYg:matrix.org

Random

Any discussion that is off-topic on other channels is welcome here; for example, if you’re promoting your project or want to share an interesting news article, this is the place.



Timestamp Message
13 Feb 2019
06:00:24 @bridge-bot:matrix.org bridge-bot <jjperezaguinaga>

I guess we are back to the “Roles” section of a DAO. I do not believe we have something implemented already in that area, right?

06:00:59 @bridge-bot:matrix.org bridge-bot <light>

no, identity/membership/roles etc is still being fleshed out

06:02:25 @bridge-bot:matrix.org bridge-bot <jjperezaguinaga>

is there a thread or conversation I could poke at to see the current state of that discussion?

06:04:16 @bridge-bot:matrix.org bridge-bot <light>

I think this was the last public long-form convo about it: https://forum.aragon.org/t/identity-dao-membership/344

06:04:27 @bridge-bot:matrix.org bridge-bot <light>

cc @dizzypaty ^^

06:04:28 @bridge-bot:matrix.org bridge-bot <jjperezaguinaga>

sweet, thanks!

14 Feb 2019
11:31:01 @bridge-bot:matrix.org bridge-bot <luis>

great mockups @jjperezaguinaga!!

15 Feb 2019
00:47:26 @bridge-bot:matrix.org bridge-bot <jjperezaguinaga>

@luis @jorge do you guys use Trezor for your gnosis multisig? We use it for ours, and had been struggling with it for a couple days. Opened an issue with them (https://github.com/gnosis/MultiSigWallet/issues/225), but was wondering if any other teams were having the same issue.

08:11:40 @bridge-bot:matrix.org bridge-bot <jorge>

we don’t disclose how those keys are managed for opsec reasons

08:12:03 @bridge-bot:matrix.org bridge-bot <jorge>

i actually don’t even know how luis manages his key

17:10:58 @bridge-bot:matrix.org bridge-bot <jjperezaguinaga>

@jorge although I do agree on not disclosing specific details (e.g. using trezor, paper keys, or 6 backed phones in 6 countries 😄 ), would you say that not sharing how that information is stored makes any difference on how those keys are protected? Let’s take rubber-hose cryptanalysis (https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis), I’m unsure whether not disclosing that actually protects the keys for real threats and not just a random phishing attack

17:14:07 @bridge-bot:matrix.org bridge-bot <jjperezaguinaga>

For the record I’m super obsessed about keys security, secure information backup, deniable security and zero-knowledge protocols, so would love to hear your thoughts about it. Gave a talk in JSConf in 2017 about zero-knowledge solutions through the Web Cryptography API - https://vimeo.com/236317210, and have done multiple experiments and blog posts about the topic (https://deniable.website/, https://medium.com/e-nigma-technologies/backing-up-mnemonic-seeds-using-asymmetric-and-symmetric-key-encryption-into-qr-codes-9a8092d64f26).

17:20:14 @bridge-bot:matrix.org bridge-bot <jorge>

hahaha

17:20:54 @bridge-bot:matrix.org bridge-bot <jorge>

i generally do think the least details known the better

17:28:44 @bridge-bot:matrix.org bridge-bot <jjperezaguinaga>

I mean, I agree, especially on the scope of granting access to individuals give you less vectors to cover for attacks. Feels a bit of security by obscurity if you ask me though. Worked at a fintech Swiss bank where we set up two HSMs stored in different datacenters with the private keys stored in some vaults that only management knew about (upgrading those was a paaaaain, resurrecting Beelzebub might have been easier), but we actually went out of our way to talk about our architecture, the HSMs' firmware, the companies we were working with, everything. All was constantly audited, but also reported by our CSO

17:29:32 @bridge-bot:matrix.org bridge-bot <jjperezaguinaga>

anyway, I just wanted to know if you guys had issues with Trezor and the Gnosis multi-sig 😄 I’m working today upgrading their Trezor Connect API from v4 to v5 so hopefully you guys (or anyone) benefit from this ☺️

17:37:24 @bridge-bot:matrix.org bridge-bot <jjperezaguinaga>

And for the record, I wish we didn’t have single points of failure for private keys. Even with multi-sigs, you still rely on individual members/owners of the key. That’s what we have right now in most companies and places, and no security protocol can protect against just being jumped at in a dark alley with a $5 wrench. I’m more in favour of a hierarchy of distributed secrets, specifically in Hierarchical Shamir’s Secret Sharing, that are able to perform signing operations based on a hierarchy of restorable keys. I’m currently particularly interested in projects like Enigma that leverage TEE to perform secure operations while the infrastructure is unbeknownst to its contents.

20:20:24 @bridge-bot:matrix.org bridge-bot <light>

@jjperezaguinaga have you read Cryptoasset Inheritance Planning? https://www.amazon.com/gp/product/1947910116/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1947910116&linkCode=as2&tag=empoweredlaw-20&linkId=649065612a98d3feaf7bc66a01a4d5db

21:48:32 @bridge-bot:matrix.org bridge-bot <light>

related: https://bitcoinmagazine.com/articles/disaster-strikes-developing-recovery-plan-bitcoin-digital-tokens-1438642228/

16 Feb 2019
05:03:21 @bridge-bot:matrix.org bridge-bot <jjperezaguinaga>

@light aaand thanks for my new audio book for the week, just finished the Celestine Prophecy and wanted to know which one was next

05:04:58 @bridge-bot:matrix.org bridge-bot <jjperezaguinaga>

quite the topic, which seems to have gained some interest lately, wasn’t there something in the news about some exchange having X funds locked due to only one guy knowing about it and dying?

06:25:48 @bridge-bot:matrix.org bridge-bot <light>

yeah Quadriga

06:25:51 @bridge-bot:matrix.org bridge-bot <light>

crazy story

06:36:54 @bridge-bot:matrix.org bridge-bot <jorge>

> Feels a bit of security by obscurity if you ask me though.

06:37:09 @bridge-bot:matrix.org bridge-bot <jorge>

totally, security by obscurity is the last security barrier ;)

06:37:14 @bridge-bot:matrix.org bridge-bot <jorge>

totally, security by obscurity is the first security barrier ;)

06:37:51 @bridge-bot:matrix.org bridge-bot <jorge>

> I'm working today upgrading their Trezor Connect API from v4 to v5 so hopefully you guys (or anyone) benefits from this

06:37:58 @bridge-bot:matrix.org bridge-bot <jorge>

glad to hear this haha

06:39:56 @bridge-bot:matrix.org bridge-bot <jorge>

we spent quite a bit of time thinking about the security model of the multisig and we rotated to more secure keys a few months ago

06:41:00 @bridge-bot:matrix.org bridge-bot <jorge>

even though i feel confident about the current setup, i am so looking forward to the day the keys are irrelevant, because the AN DAO runs the show

