Author: Adam Weiss 2015-02-03 19:25:19
Published on: 2015-02-03T19:25:19+00:00
It is possible to use a desktop website and mobile device for 2/3 multisig instead of a hardware device like Trezor, but it is important that the device used to input the two signatures cannot be in the same band to protect against MITM attacks. Using one device or network to input both signatures defeats the purpose of 2/3 multisig if compromised by malware. A simplified signing device like Trezor mitigates this risk by displaying a signed payment request and only signing what is displayed. However, adding BIP70 request signature validation and certificate revocation support could increase the complexity of the device. A standard for passing partially signed transactions around might make sense as an extension to BIP70, enabling easy multisig security with a choice of hardware signing devices, local software, and third-party cosigning services that all interoperate out of the box.
Updated on: 2023-06-09T16:24:27.148151+00:00