Farcaster Devs

Sign in with Farcaster conundrum

1. Currently requires ECDSA key (custody address) signature, which for most users is only on their mobile device with Warpcast app

2. Changing to EdDSA key (signers) would mean any Farcaster app could sign on your behalf -- making it easy for users to SIWF entirely on web -- but also makes the weakest link signer able to impersonate you on any app that has SIWF (note: just using SIWF and not requiring a signer)

3. Changing to a tiered system for EdDSA keys (super write keys vs. basic write keys) requires a bunch of work, adds complexity, requires contract audit, etc.

4. If no change, for most people they will always have to have their phone (which is how WhatsApp works, fwiw).

5. Current approach is grind out the last 10-15% of edge cases on QR code scan / mobile deeplink reliability.

Curious what others think.

personally, I'd like to see the smoothest possible EdDSA -> modular abstraction flow, if only because you're competing on the social level. 

idk if this is feasible wrt sidestepping 3), but maybe threshold signers? or some other MFA.

also, is there any way to leverage connected ENS data (ECDSA, ahead of time) for configuring permissions?

𝖒𝖆𝖓𝖉𝖆𝖙𝖚𝖒 𝖆𝖉 𝖆𝖘𝖙𝖗𝖆

https://warpcast.com/stephancill/0xd4fe864a

I'm with these two, well mainly Stephan's

regardless I'd say bite the audit and get the huge dev/ux unlock

100%, so might as well treat the phone as the enclave.

is the per-website delegate signer flow worth considering?

I think permissions for a consumers is a really bad UX.