Cardano: getAddres + getPublicKey

[szymonlesisz]

CardanoGetAddress shows:

1. export address confirmation
2. derivation path confirmation

CardanoGetPubliKey shows:

• derivation path confirmation

I think in both cases there shouldn't be derivation path confirmation, it's not intuitive for the user

[tsusanka]

I've removed the bip-32 display. The GetPublicKey and GetAddress messages will be probably merged later but that's part of #308

[refi93]

@tsusanka we decided to display the derivation path to the user so they can be sure that the returned address does indeed belong to some "normal" derivation path.

Our line of thinking was that a man in the middle may somehow tamper with the derivation path sent by the wallet client to Trezor when requesting an address for receiving funds (for example by changing 0' to 84927383' in the request). A wallet usually works over a small range of addresses (e.g. 0' to 10') and this may cause loss of funds in the sense that the client may then receive funds to this "spoiled" address which will be subsequently unaccessible by the wallet client he is using, since it won't be able to discover it next time the user logs to the wallet.

Did you consider this scenario? Is it actually something to be concerned about? If not, why?

[prusnak]

@refi93 This is in process of unification and refactoring, where we would like to unify dialogs across various coins to look similar. See #320 - where we address this.

[refi93]

@prusnak I see, so can we expect in the foreseeable future that the derivation path will be displayed in this case?

[prusnak]

Right

[tsusanka]

Yes, exactly. Sorry about that, I should have pointed it out here as well