This issue was moved to a discussion.

L2: modify persistent-setup to require "Welcome Screen" #63

Closed
BenWestgate opened this issue Jul 29, 2023 · 2 comments
Labels
documentation Improvements or additions to documentation enhancement New feature or request no-issue-activity

@BenWestgate
Owner

Then modify bails-wallet into bails-signer, which will refuse to run if networking is on and warn and prompt to shut down.

A new autostart will do the same thing on startup if it doesn't detect offline mode. It will not be practically possible to remove these features or connect to Tor if starting with networking. It will also prompt to turn the persistent feature of welcome screen, dotfiles, gnupg back on.

bails-signer creates and recovers the same BUT the wallet name step only has the amnesic option. And it will always display the QR for its descriptors on creation. A way to redisplay the descriptor QRs in bails-menu is needed.

Instructions will clearly say not to store your bails-signer USB with your Bails Node for security reasons. Nor both devices together.

The two devices will be a 2-of-2 together.

We need two evil maids in two locations to wreck this setup.

It's looking like the most effective way is to add a key or two to your "High" security hot wallet and store them in locations where only you know and then give 100% of the shares of bails-signer to heirs, family, friends, and professionals. All of whom must be instructed at least inside the envelope if not explicitly to only release their shares under specific conditions which ensure your freedom and safety and verified.

The default threshold will be 3 for this wallet. But a lower and higher level will be available as well as the usual customization. This is because people differ wildly in the number of heirs they have from just their parents and maybe one best friend or trusted professional to dozens.

3 is best however as the shares people are holding will not reveal the use of the 2-of-2 multisig scheme while threshold 3 would.

Assuming the wallet is persisted on the offline signer, the minimum security level is 2 things you have, 1 thing you know (the passphrase).

If the offline signer wallet is amnesic, then it will take 1 share from loved ones, the passphrase and the public key fingerprint of the online Bails to recover. This is still "3 things": passphrase, ability to watch the L1 wallet and a share from bails-signer.

Adding a share to the L1 setup will be MANDATORY, otherwise going to multi-sig inevitably increases their risk of accidental loss since it's 2-of-2.

It's possible this setup can optionally decay to 1-of-2 after many years. 5-10 seems reasonable to discourage murder and incarceration.

@BenWestgate BenWestgate added documentation Improvements or additions to documentation enhancement New feature or request priority: low Issues raised by only myself labels Jul 29, 2023
@BenWestgate BenWestgate added this to the L2 milestone Mar 26, 2024
Stale issue message

@BenWestgate
Owner Author

@BenWestgate: convert this to a discussion "L2 design"

@BenWestgate BenWestgate removed the priority: low Issues raised by only myself label May 26, 2024
Repository owner locked and limited conversation to collaborators May 26, 2024
@BenWestgate BenWestgate converted this issue into discussion #168 May 26, 2024
