Content
@
https://warpcast.com/~/channel/fc-devs
0 reply
0 recast
0 reaction
Dan Romero
@dwr.eth
Sign in with Farcaster conundrum 1. Currently requires ECDSA key (custody address) signature, which for most users is only on their mobile device with Warpcast app 2. Changing to EdDSA key (signers) would mean any Farcaster app could sign on your behalf -- making it easy for users to SIWF entirely on web -- but also makes the weakest link signer able to impersonate you on any app that has SIWF (note: just using SIWF and not requiring a signer) 3. Changing to a tiered system for EdDSA keys (super write keys vs. basic write keys) requires a bunch of work, adds complexity, requires contract audit, etc. 4. If no change, for most people they will always have to have their phone (which is how WhatsApp works, fwiw). 5. Current approach is grind out the last 10-15% of edge cases on QR code scan / mobile deeplink reliability. Curious what others think.
7 replies
0 recast
5 reactions
๐ญ_๐ญ
@m-j-r.eth
personally, I'd like to see the smoothest possible EdDSA -> modular abstraction flow, if only because you're competing on the social level. idk if this is feasible wrt sidestepping 3), but maybe threshold signers? or some other MFA. also, is there any way to leverage connected ENS data (ECDSA, ahead of time) for configuring permissions?
1 reply
0 recast
1 reaction
boscolo.eth
@boscolo.eth
Isn't #2 essentially what done under the hood to "authenticate" a FC FID to a Frame server? How is that different (from a security model perspective) from SIWF?
1 reply
0 recast
0 reaction
vrypan |--o--|
@vrypan.eth
No change. The design has its limitations, but there are other ways to solve them -someone famous said that if enough users want it, someone will build it. The obvious solution is more Farcaster wallets. (Who's going to build the Farcaster metamask snap?) I'd be more interested to solve the problem of how a new wallet can actually be used by the current flow, or if it's designed around warpcast.
1 reply
0 recast
0 reaction
Zinger
@zinger
Could ECDSA keys be made to work on Warpcast web? Would still prefer a world in which you could sign in with other apps but understand the security concern (although minimal cause read-only?) Also non-WC apps can implement ECDSA, right? But itโs one per Farcaster account?
1 reply
0 recast
0 reaction
Stephan
@stephancill
migrate the raw ECDSA wallet to be a smart wallet enroll the warpcast ECDSA signer as an owner on the wallet so that warpcast can still smoothly do signatures in the background build a sign in with farcaster flow hosted at `keys.farcaster.com` and get users to enroll a passkey phase out sign in with warpcast app in favour of passkeys (can always do warpcast as a fallback) this was the first application i had in mind for my open browser wallet project
1 reply
0 recast
2 reactions
Dvyne๐ฉ
@dummie.eth
Also curious and have zero ideas on this one So I'll be in the comments๐ค๐พ
0 reply
0 recast
0 reaction
โโฑ 9ฬท0ฬทโ ีดีฒ โฑโ
@90tun
3 seems like the way to go imo, you just have to deal with the โlot of workโ
0 reply
0 recast
0 reaction
