wakoinc on Nostr: My issue is they make the devices and OS. And I’m not sure we should (read: please ...
My issue is they make the devices and OS. And I’m not sure we should (read: please don’t) trust apps directly, to be honest, as they are a target vector.
External signing devices are great. What’s missing is a layer perhaps where the external signing device says, “hey, your last message to Dave was to pubkey X, it’s now Y” or similar - however I favour dumb signing devices.
A trusted OS would be ideal to perhaps have this security layer to keep/compare state and make it obvious/transparent - it’s just painful that we can’t trust the OS.
External signing devices are great. What’s missing is a layer perhaps where the external signing device says, “hey, your last message to Dave was to pubkey X, it’s now Y” or similar - however I favour dumb signing devices.
A trusted OS would be ideal to perhaps have this security layer to keep/compare state and make it obvious/transparent - it’s just painful that we can’t trust the OS.