|13 Feb 2019|
I guess we are back to the “Roles” section of a DAO. I do not believe we have something implemented already on that area right?
no, identity/membership/roles etc is still being fleshed out
is there a thread or conversation I could poke at to see the current state of that discussion?
I think this was the last public long-form convo about it: https://forum.aragon.org/t/identity-dao-membership/344
cc @dizzypaty ^^
|14 Feb 2019|
great mockups @jjperezaguinaga!!
|15 Feb 2019|
@luis @jorge do you guys use Trezor for your gnosis multisig? We use it for ours, and had been struggling with it for a couple days. Opened an issue with them (https://github.com/gnosis/MultiSigWallet/issues/225), but was wondering if any other teams were having the same issue.
we don’t disclose how those keys are managed for opsec reasons
i actually don’t even know how luis manages his key
@jorge although I do agree on not disclosing specific details (e.g. using trezor, paper keys, or 6 backed phones in 6 countries 😄 ), would you say that not sharing how that information is stored makes any difference on how those keys are protected? Let’s take rubber-hose cryptanalysis (https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis), I’m unsure whether non disclosing that actually protects the keys for real threats and not just a random phishing attack
For the record I’m super obsessed about keys security, secure information backup, deniable security and zero-knowledge protocols, so would love to hear your thoughts about it. Gave a talk in JSConf in 2017 about zero-knowledge solutions through the Web Cryptography API - https://vimeo.com/236317210, and have done multiple experiments and blog posts about the topic (https://deniable.website/, https://medium.com/e-nigma-technologies/backing-up-mnemonic-seeds-using-asymmetric-and-symmetric-key-encryption-into-qr-codes-9a8092d64f26).
i generally do think the least details known the better
I mean, I agree, specially on the scope of granting access to individuals give you less vectors to cover for attacks. Feels a bit of security by obscurity if you ask me though. Worked at a fintech Swiss bank where we setup two HSMs stored in different datacenters with the private keys stored in some vaults that only management knew about (upgrading those was a paaaaain, resurrecting Beelzebub might had been easier), but we actually went out of our way to talk about our architecture, the HSMs firmware, the companies we were working with, everything. All was constantly audited, but also reported by our CSO
anyway, I just wanted to know if you guys had issues with Trezor and the Gnosis multi-sig 😄 I’m working today upgrading their Trezor Connect API from v4 to v5 so hopefully you guys (or anyone) benefits from this ☺️
And for the record, I wish we didn’t have single points of failure for private keys. Even with multi-sigs, you still rely on individual members/owners of the key. That’s what we have right now in most companies and places, and no security protocol can protect just being jumped at in a dark alley with a 5$ wrench. I’m more on favour of hierarchy of distributed secrets, specifically in Hierarchical Shamir’s Secret Sharing, that are able to perform signing operations based on a hierarchy of restorable keys. I’m currently particularly interested in projects like Enigma that leverage on TEE to perform secure operations while the infrastructure is unbeknownst to its contents.
@jjperezaguinaga have you read Cryptoasset Inheritance Planning? https://www.amazon.com/gp/product/1947910116/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1947910116&linkCode=as2&tag=empoweredlaw-20&linkId=649065612a98d3feaf7bc66a01a4d5db
|16 Feb 2019|
quite the topic, which seem to have grown some interest lately, weren’t in the news something about some exchange having X funds locked due only one guy knowing about it and dying?
totally, security by obscurity is the last security barrier ;)
totally, security by obscurity is the first security barrier ;)
glad to hear this haha
we spent quite a bit of time thinking about the security model of the multisig and we rotated to more secure keys a few months ago
even though i feel confident about the current setup, i am so looking forward to the day the keys are irrelvant, because the AN DAO runs the show