-
Notifications
You must be signed in to change notification settings - Fork 647
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Proposal Improvements] Add fee paying account to available_active_approvals
#138
Comments
From @xeroc on December 14, 2015 21:34 An alternative way to improve user experience would be to allow Say |
From @theoreticalbts on December 15, 2015 16:56 Your first comment is basically saying have the publisher of a proposal automatically approve it. Very early in the design of Graphene we had planned for a way to backreference ID's created by earlier ops, however, it was cut from the feature list basically on the grounds of "it's too hard" (a decision I personally disagreed with). With such a backreference your proposal would be as simple as creating a transaction with two ops, one to create it and one to add the active approval of the creator. The second op needs to use backreferencing to be atomic, because if a malicious witness (or indeed random chance) caused a proposal to be inserted before the transaction, Bob would end up approving a proposal he didn't intend to approve and not approving the proposal he did intend to approve. This can still be done, however, it is more complicated:
So this is still a wallet-level thing, however it requires a level of sophistication in wallet implementation with careful handling of dependent sequences (or in the most general case, DAG's?) of transactions, where each transaction potentially references ID's in a the transaction(s) on which it depends. Which requires careful management of TaPoS and awareness of forks to be sure the wallet correctly executes the user intent in all cases. This sophisticated wallet behavior AFAIK does not exist in current wallets. Your second comment is basically saying give the user one account with multisig and a locked-down balance, and another account with no multisig. And a wallet could implement it that way under the hood, but again it requires a level of sophistication in wallets which doesn't exist in current implementations (each user must have a second "hidden" account which keeps the balance for publishing, or all users of a certain wallet are allowed to use a centralized fee paying account to publish their proposals, subject to anti-spam, rate-limiting, CAPTCHA, etc.). |
From @xeroc on December 15, 2015 17:50 Having the approval in the same transaction is difficult to implement. I understand that. But what is the reason that I cannot take the account that signs the If, however, you create the proposal from an account that is part of the spending account's active authorities, an implicit approval due to the signature of the create_proposal_operation is figuratively and implicit approval, isn't it? |
From @theoreticalbts on December 15, 2015 18:22 We discussed this issue during the design of Graphene. The justification for the current behavior was that a committee member might want a way to express "I don't support this idea, but I would like to put it up for a vote." |
From @theoreticalbts on December 15, 2015 18:26 If this is implemented at all, it should either be by:
|
From @xeroc on December 15, 2015 19:37
That was the missing piece in the puzzle .. thanks for the clarification |
From @xeroc on January 20, 2016 9:39 So .. thinking about the
what prevents people from just using a new account to create a proposal for the committee that way. Please reconsider this! |
@xeroc or anyone else have time to write a BSIP for this feature? |
From @xeroc on December 13, 2015 17:38
Let's say we have a user account
Alice
that is secured by a second factor service.The active authorities of
Alice
requires 2 signatures, one for eachBob
2FA
Now, I'd like to have
Bob
propose a transaction and only have2FA
add his approval to have the proposal withdrawing fromAlice
be valid. That would GREATLY improve user experice and does not open up any security holes sinceBob
needs to be in the active authority any way.The only difference is that to verify the proposal, you also need to include the proposals signature (e.g. fee paying account).
However, I think this feature request requires a hard fork.
I am open for discussion
Copied from original issue: cryptonomex/graphene#479
The text was updated successfully, but these errors were encountered: