Simplification of origin key management #326
Labels: breaking change, core team, help wanted, origin
Problem to solve
To secure transactions we are using an origin signature, which is some kind of security to ensure a transaction has been forged by an authorized device or origin (app). But enlisting an origin into the system was complex and difficult, and the setup was not scalable, being interactive (according to the patents).
Solution
I propose a new solution, which is a kind of proposal to support easy enlisting of origin devices while removing the concept of origin shared secrets.
Then, we can list all the origin keys for a given family (by certificate) with its own chain.
Each device would have to send a request to the network, passing its public key and its certificate, to be validated according to the CA available (TPM/Yubikey, Ledger, ...).
Once validated, the public key will be listed in the origin public keys.
Then the device will use its direct private key to sign the transaction, and the nodes will certify with the list of public keys available in the network.
This scheme makes the system more scalable, easier to implement and easier to understand.
This issue would require:
Knowledge
api/origin_controller
Coding Changes
Epic: #149
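The enrollment and verification flow proposed in this issue, as an added Go example that is not the project's own code. It assumes Ed25519 keys and models the certificate as the family CA's signature over the device public key; `Registry`, `Enroll`, `VerifyOrigin` and the `tpm` family name are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Registry is a hypothetical node-side view: CA key per family, enrolled origin keys.
type Registry struct {
	cas     map[string]ed25519.PublicKey
	origins map[string]bool
}

// Enroll lists pub only if cert is the family CA's signature over pub.
// Assumption: the certificate is a bare CA signature, not an X.509 chain.
func (r *Registry) Enroll(family string, pub ed25519.PublicKey, cert []byte) error {
	ca, ok := r.cas[family]
	if !ok || len(pub) != ed25519.PublicKeySize || !ed25519.Verify(ca, pub, cert) {
		return errors.New("public key is not certified by a known family CA")
	}
	r.origins[string(pub)] = true
	return nil
}

// VerifyOrigin reports whether any enrolled origin key produced sig over tx.
func (r *Registry) VerifyOrigin(tx, sig []byte) bool {
	for k := range r.origins {
		if ed25519.Verify(ed25519.PublicKey(k), tx, sig) {
			return true
		}
	}
	return false
}

// demo runs the flow with constructed keys: a certified device and a rogue one.
func demo() (enrolled, rogueEnrolled, txOK, rogueTxOK bool) {
	caPub, caPriv, _ := ed25519.GenerateKey(nil)
	devPub, devPriv, _ := ed25519.GenerateKey(nil)
	badPub, badPriv, _ := ed25519.GenerateKey(nil)
	r := &Registry{map[string]ed25519.PublicKey{"tpm": caPub}, map[string]bool{}}
	tx := []byte("constructed transaction bytes")
	enrolled = r.Enroll("tpm", devPub, ed25519.Sign(caPriv, devPub)) == nil
	rogueEnrolled = r.Enroll("tpm", badPub, ed25519.Sign(badPriv, badPub)) == nil // self-signed
	return enrolled, rogueEnrolled, r.VerifyOrigin(tx, ed25519.Sign(devPriv, tx)),
		r.VerifyOrigin(tx, ed25519.Sign(badPriv, tx))
}

func main() { fmt.Println(demo()) }
```

No shared secret is involved: the device keeps its private key, and nodes need only the CA public key per family and the list of enrolled origin public keys.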