Author: Mike Hearn 2015-02-03 21:01:47
Published on: 2015-02-03T21:01:47+00:00
The discussion revolves around the use of TREZOR-like devices with BIP70 support and third-party co-signing services. The scope of adding BIP70 request signature validation and certificate revocation support may become too large for a simple device like TREZOR. However, an implementation of PKIX may be good enough for a stripped-down OpenSSL implementation. Certification revocation is currently not supported in BIP70, leaving users without identity protection if their private key leaks. An X.509 extension called "Must Staple" being proposed in the browser world could offer more security, but it would require more time and resources to implement. A standard for passing partially signed transactions around may make sense, and the hope is that hardware wallets will standardize on the well-designed TREZOR protocol.
Updated on: 2023-06-09T16:24:37.209275+00:00