My issue is they make the devices and OS. And I’m not sure we should (read: please don’t) trust apps directly, to be honest, as they are a target vector.
External signing devices are great. What’s missing is a layer perhaps where the external signing device says, “hey, your last message to Dave was to pubkey X, it’s now Y” or similar - however I favour dumb signing devices.
A trusted OS would be ideal to perhaps have this security layer to keep/compare state and make it obvious/transparent - it’s just painful that we can’t trust the OS.
wakoinc / Blake
npub1kt…rmrvj
2023-07-21 17:41:47
in reply to nevent1q…n8yt
Author Public Key
npub1ktw5qzt7f5ztrft0kwm9lsw34tef9xknplvy936ddzuepp6yf9dsjrmrvjPublished at
2023-07-21 17:41:47Event JSON
{
"id": "55589a0c0c9c63f9571569629bd94e7fe09e05c364d5ab096800b1659e0972af",
"pubkey": "b2dd40097e4d04b1a56fb3b65fc1d1aaf2929ad30fd842c74d68b9908744495b",
"created_at": 1689961307,
"kind": 1,
"tags": [
[
"e",
"d8e3d88d8fa5b725afdb3706c62fee2cfe342ed536790374158aa13741ae2baf"
],
[
"e",
"ede3b64b98d99f8f2167a268efc49c3ef3c951193e894fcb96f74a369be053de"
],
[
"p",
"8fb140b4e8ddef97ce4b821d247278a1a4353362623f64021484b372f948000c"
]
],
"content": "My issue is they make the devices and OS. And I’m not sure we should (read: please don’t) trust apps directly, to be honest, as they are a target vector. \n\nExternal signing devices are great. What’s missing is a layer perhaps where the external signing device says, “hey, your last message to Dave was to pubkey X, it’s now Y” or similar - however I favour dumb signing devices. \n\nA trusted OS would be ideal to perhaps have this security layer to keep/compare state and make it obvious/transparent - it’s just painful that we can’t trust the OS.",
"sig": "aa3422a271303ad2d2f971a5f767c1d7e6fb8fdbc1c7bcd998314d62025382f22f43876a0768483f4e45feb18b6f9b09027cb511e7f88c3cce6a199e09d64ec3"
}