Adding these functions to an Active Private Key can improve user experience.
I think it's the ultimate role of a wallet to deal with it, fortunately all those leaked memo keys weren't active otherwise with every such leak it would end up with assets loss.
Master Password isn't actually a key and it doesn't exist on the blockchain. It's used to simplify (sic! ;-) ) situation with keys - they are derived from it when needed (as long as user does that consistently, otherwise it can get "out of sync" with keys)
For powerdown timelock - discussed frequently and over and over again, there's an important security related issue - it is extremely important for governance (so bad actor can't get it with bags of $, make a mess and then cash out quickly before the world realize the damage - with time lock, they would have to deal with consequences for governance actions with their own assets)
When it comes to keys, one thing to consider is to allow more granular, user defined permissions for the keys, but that have a lot of caveats.
Hi Wizard!
I think memo key leaks were due to input field sharing the same name when transferring funds, and apps not warning about the potential key leaks. Now I think things are a lot better. But memo key is still confusing.
Regarding a scenario when bad actors try to do something undesirable with governance, aren't that kind of situations already mitigated with 1 month wait period before the ability to influence governance after powering up?
What do you think about a new Withdraw Key, not for decreasing power down time purposes, but to add extra security? So that if active keys are leaked assets as HP and in Savings can remain secure.
Thank you!
Yes, it's mitigated now because you need 30 days to gain full governance capabilities with newly acquired stake, and then, you need 13 weeks of powerdown to exit. Reducing power down will also reduce second half of time-lock protection (i.e. exit after messing up).
Re: extra key roles, if we are going to change something there I would be for adding custom granular permission (then if you need "withdraw key" you can define it yourself.
I didn't know custom granular permission would be possible. Something like that would be great. Thank you Wizard!
kindly vote me plz