Cardano: getAddres + getPublicKey #306
Comments
I've removed the bip-32 display. The GetPublicKey and GetAddress messages will be probably merged later but that's part of #308 |
@tsusanka we decided to display the derivation path to the user so they can be sure that the returned address does indeed belong to some "normal" derivation path. Our line of thinking was that a man in the middle may somehow tamper with the derivation path sent by the wallet client to Trezor when requesting an address for receiving funds (for example by changing 0' to 84927383' in the request). A wallet usually works over a small range of addresses (e.g. 0' to 10') and this may cause loss of funds in the sense that the client may then receive funds to this "spoiled" address which will be subsequently unaccessible by the wallet client he is using, since it won't be able to discover it next time the user logs to the wallet. Did you consider this scenario? Is it actually something to be concerned about? If not, why? |
@prusnak I see, so can we expect in the foreseeable future that the derivation path will be displayed in this case? |
Right |
Yes, exactly. Sorry about that, I should have pointed it out here as well |
CardanoGetAddress shows:
CardanoGetPubliKey shows:
I think in both cases there shouldn't be derivation path confirmation, it's not intuitive for the user
The text was updated successfully, but these errors were encountered: