Eth secpm alt authentication #103
Conversation
…p2p/rfc-index into eth-secpm-alt_authentication
| SIWE presents some centralization issues for random node generation. | ||
| Since smart contracts cannot generate random nonces without the need of an oracle, | ||
| or can only generate pseudo-random nonces | ||
| which would be the result of combining data which could be hacked. |
There was a problem hiding this comment.
This sentence is difficult to follow because of its grammatical structure.
What do you mean by "would be the result of combining data which could be hacked."
Also, what does "hacked" mean in this case? Let's explain this in more professional terms.
vac/raw/eth-demls.md
Outdated
|
|
||
| The following approach aims at mitigating these issues. | ||
| It is similar to SIWE, | ||
| and would imply the users requesting to log into the system |
There was a problem hiding this comment.
| and would imply the users requesting to log into the system | |
| and implies the users requesting to log into the system |
There was a problem hiding this comment.
what is "the system" in this context? Should be made explicit.
vac/raw/eth-demls.md
Outdated
| In order to avoid security issues like replay attacks and DDoS, | ||
| one needs to have the following aspects in mind: | ||
|
|
||
| 1. Nonce uniqueness: this can be guaranteed tracking used nonces for each signature. |
There was a problem hiding this comment.
Does the smart contract have to track this? What about estimated gas costs and practical implications?
vac/raw/eth-demls.md
Outdated
| 1. Nonce uniqueness: this can be guaranteed tracking used nonces for each signature. | ||
| This would prevent replay attacks as it provides proofs | ||
| that a nonce was used only once by a particular address. | ||
| 2. Temporal uniqueness: timestamps allow checkings to prevent the reuse of old signatures. |
There was a problem hiding this comment.
| 2. Temporal uniqueness: timestamps allow checkings to prevent the reuse of old signatures. | |
| 2. Temporal uniqueness: timestamps allow checking to prevent the reuse of old signatures. |
vac/raw/eth-demls.md
Outdated
| 5. Admin role: the creator of the smart contract would have an admin role, | ||
| allowing the dynamic management of group membership. | ||
|
|
||
| ## Pseudocode |
There was a problem hiding this comment.
Rather call this something like
| ## Pseudocode | |
| ## Protocol Specification |
There was a problem hiding this comment.
This specification should have more text-based explanations in RFC parlance (SHOULD, MUST, etc) and not just a list of code fragments.
Addition o0 anf alternative method for authentication.