Author: Salvatore Ingala 2023-01-24 08:38:29
Published on: 2023-01-24T08:38:29+00:00
In an email chain between Antoine and darosior, the latter suggested showing the "semantic policy" instead of the actual Miniscript in order to save characters and gain clarity. However, Antoine was not comfortable with this approach because of the potential risk that malware finds a different Miniscript with the same semantic policy at policy registration time. He believes that this attack is unlikely today, but that it could become more realistic in a taproot world, where the semantic policy of each tapleaf could have multiple options, resulting in a combinatorial explosion. One solution might be to explicitly enumerate (or at least upper-bound) the number of possible descriptors that are lifted to the same policy, and to use the simplified UX if this number is not too large. Antoine also suggested having a set of standard recovery tools for those situations to make this approach more viable. He wondered whether signing devices could even display a plain-English verification to the user, like "This policy contains 4 spending paths," and also discussed registering xpubs/identities on the device to simplify the UX flow. The design space is quite large, and Antoine has not yet put enough thought into it. Finally, there was some confusion around the numerous uses of the word "policy", prompting a joke about needing a policy against it.
Updated on: 2023-06-15T20:24:19.547374+00:00