Author Topic: AGS potential security issue  (Read 13088 times)


Offline testz

I feel like I've read that suggestion like 4 times already.

Yes, having a tool to sign the transaction outside the 3rd party DAC is a good idea. I think nobody is discussing it because it seems obvious...

Looks like the new Ethereum uses the same idea :)
https://bitcointalk.org/index.php?topic=563925.0

Quote
13.  But I don’t trust you with my bitcoin private keys.

There is no need to trust us.  Simply sign an æther address under your control with a bitcoin private key using whatever wallet you are comfortable with (e.g., blockchain.info, Armory, etc.,) and paste the resulting signature into the æthereum client.

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
I feel like I've read that suggestion like 4 times already.

Yes, having a tool to sign the transaction outside the 3rd party DAC is a good idea. I think nobody is discussing it because it seems obvious...
+5%

Offline toast

  • Hero Member
  • *****
  • Posts: 4001
    • View Profile
  • BitShares: nikolai
I feel like I've read that suggestion like 4 times already.

Yes, having a tool to sign the transaction outside the 3rd party DAC is a good idea. I think nobody is discussing it because it seems obvious...
Do not use this post as information for making any important decisions. The only agreements I ever make are informal and non-binding. Take the same precautions as when dealing with a compromised account, scammer, sockpuppet, etc.

Offline xeroc

how can we protect our AGS private key while claiming shares from  3rd party DAC?

Aye.  There's the right question to be discussing.

We already do (obviously unnoticed):
https://bitsharestalk.org/index.php?topic=4737.msg61330#msg61330

Could you (@Stan or @Bytemaster) comment on Freetrade's idea?

Offline Stan

  • Hero Member
  • *****
  • Posts: 2908
  • You need to think BIGGER, Pinky...
    • View Profile
    • Cryptonomex
  • BitShares: Stan
So help me understand - PTS doesn't have regulatory issues because it was mined, not issued? And in retrospect - AGS might have regulatory issues, because it was directly funded?

I'm asking because from a technical perspective I don't see any issues implementing this. It seems that you guys are avoiding it like a hot potato, but if that's what your lawyers said then I guess it explains the resistance on your part.

Don't get us wrong.  As serious AGS holders we would benefit from having them be liquid.  But we stated multiple reasons, among which are regulatory considerations.

Watch for Parts 2 and 3 of "Happy Birthday BitShares."  You'll get more insights there.

In the meantime, I'll point out that, as a ProtoDAC, XTS will make AGS partly liquid, since all BitShares X variants will be derived from it.  Over time, other ProtoDAC families will do the same.  See our March Newsletter for detail on the concept of ProtoDAC families and DAC industry sectors.

« Last Edit: June 04, 2014, 04:21:02 am by Stan »
Anything said on these forums does not constitute an intent to create a legal obligation or contract of any kind.   These are merely my opinions which I reserve the right to change at any time.

Offline bitmeat

  • Hero Member
  • *****
  • Posts: 1116
    • View Profile
So help me understand - PTS doesn't have regulatory issues because it was mined, not issued? And in retrospect - AGS might have regulatory issues, because it was directly funded?

I'm asking because from a technical perspective I don't see any issues implementing this. It seems that you guys are avoiding it like a hot potato, but if that's what your lawyers said then I guess it explains the resistance on your part.

Offline sudo

  • Hero Member
  • *****
  • Posts: 2255
    • View Profile
  • BitShares: ags
How about giving a chance to transfer AGS, such as every other year?

Offline Stan

Making AGS liquid will have to be a community activity and is not something we can do.  If AGS were tradable it would become property and this property could become a security with imaginative regulators.  While AGS is not tradable it is not property nor an asset.  It is merely a record of your donation that other DAC launchers may airdrop to. 

If someone wants to come along and create Liquid AGS and then market it as the better choice to airdrop to then that is their business, but we cannot endorse it or 'bless it'.

+1

Precisely.  Plus, you don't want us to:

1.  Its unique property is that it lets developers air-drop to proven donors - an awesome demographic.
2.  If you make it tradable, then it is no different from PTS.
3.  So a third party might ask, "Why is this one demographic worth 20%?"

You want PTS and AGS to stay separate demographics, each worth honoring for its own reason.

how can we protect our AGS private key while claiming shares from  3rd party DAC?

Aye.  There's the right question to be discussing.

Offline sfinder

  • Hero Member
  • *****
  • Posts: 1205
  • 4 Cores CPU+100GB SSD+anti-DDoS Pro
    • View Profile
Making AGS liquid will have to be a community activity and is not something we can do.  If AGS were tradable it would become property and this property could become a security with imaginative regulators.  While AGS is not tradable it is not property nor an asset.  It is merely a record of your donation that other DAC launchers may airdrop to. 

If someone wants to come along and create Liquid AGS and then market it as the better choice to airdrop to then that is their business, but we cannot endorse it or 'bless it'.

+1

Precisely.  Plus, you don't want us to:

1.  Its unique property is that it lets developers air-drop to proven donors - an awesome demographic.
2.  If you make it tradable, then it is no different from PTS.
3.  So a third party might ask, "Why is this one demographic worth 20%?"

You want PTS and AGS to stay separate demographics, each worth honoring for its own reason.

how can we protect our AGS private key while claiming shares from  3rd party DAC?
Weibo: 星在飘我在找 | BTS X delegate ID: baidu
Cooperating with China Education Bookstore and will donate 20% of delegate income to students in poor mountain areas.

Offline Stan

Making AGS liquid will have to be a community activity and is not something we can do.  If AGS were tradable it would become property and this property could become a security with imaginative regulators.  While AGS is not tradable it is not property nor an asset.  It is merely a record of your donation that other DAC launchers may airdrop to. 

If someone wants to come along and create Liquid AGS and then market it as the better choice to airdrop to then that is their business, but we cannot endorse it or 'bless it'.

+1

Precisely.  Plus, you don't want us to:

1.  Its unique property is that it lets developers air-drop to proven donors - an awesome demographic.
2.  If you make it tradable, then it is no different from PTS.
3.  So a third party might ask, "Why is this one demographic worth 20%?"

You want PTS and AGS to stay separate demographics, each worth honoring for its own reason.

Offline bytemaster

Making AGS liquid will have to be a community activity and is not something we can do.  If AGS were tradable it would become property and this property could become a security with imaginative regulators.  While AGS is not tradable it is not property nor an asset.  It is merely a record of your donation that other DAC launchers may airdrop to. 

If someone wants to come along and create Liquid AGS and then market it as the better choice to airdrop to then that is their business, but we cannot endorse it or 'bless it'.
For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Offline blahblah7up

  • Full Member
  • ***
  • Posts: 192
    • View Profile

As I understood the suggestion, the signed message was to be used to collect the shares of the new DAC instead of the private key.  But if the private key has already been exposed anyone who has it can create that signed message.

As far as private key already exposed there is no good way to solve that with the current system. I did like the idea of using derived individual private key per DAC so that if one DAC software steals it, it doesn't compromise the rest of your apps.

I also like this idea but it still relies on a single point of failure.  In that case you better be sure you made your AGS donation with a signed tx from a paper wallet created on an air gapped computer.

Do you think most people did?

Offline bitmeat



That is how I interpreted CrazyBit's suggestion.

You seem to be suggesting that AGS will be liquid but I still haven't heard anything that suggests that from anyone within Invictus.

Yes, my proposal makes it liquid and is extremely easy to implement. Had I seen some support from Invictus I would even volunteer to implement it. But no dice. So we wait. Seems like we are close for the BTS X though.

I think it's a pretty good idea, and anyone is free to implement it. Likewise anyone is free to just go ahead and implement a liquid version of AGS once the donation period ends.

I just don't think anyone here wants to change the officially endorsed definition of AGS, don't want to make the "changing the deal" reputation worse.

Right, but we wouldn't be changing the distribution amounts, just allowing ownership to be transferred, prior to launch. Anyways. We live and learn. I would do this if I know Invictus would honor it for BTSX otherwise I have no incentive at the moment.
And again, it seems they are much closer to release so defeats the purpose a bit. But had the idea met less criticism I could've had it up and running back in March.

Thanks for the positive feedback, toast!

Offline toast


That is how I interpreted CrazyBit's suggestion.

You seem to be suggesting that AGS will be liquid but I still haven't heard anything that suggests that from anyone within Invictus.

Yes, my proposal makes it liquid and is extremely easy to implement. Had I seen some support from Invictus I would even volunteer to implement it. But no dice. So we wait. Seems like we are close for the BTS X though.

I think it's a pretty good idea, and anyone is free to implement it. Likewise anyone is free to just go ahead and implement a liquid version of AGS once the donation period ends.

I just don't think anyone here wants to change the officially endorsed definition of AGS, don't want to make the "changing the deal" reputation worse.

Offline bitmeat


As I understood the suggestion, the signed message was to be used to collect the shares of the new DAC instead of the private key.  But if the private key has already been exposed anyone who has it can create that signed message.

As far as private key already exposed there is no good way to solve that with the current system. I did like the idea of using derived individual private key per DAC so that if one DAC software steals it, it doesn't compromise the rest of your apps.