But how do you know if it’s the person who bought the service or not? Email login?
Hmmm I’ve been thinking about this problem of the blind signer as I have been vibe coding this:
https://github.com/kiwihodl/Seed-E
And once I figure out the right approach I’ll build it in flutter + rust. I don’t think “traditional” multisig should be used, because of the poor key management should a key get compromised.. but it seems blind schnoor signatures and BIP32 seeds with blinded xpubs are the best option.
Regarding the blind signers validation, can you take the presumption that their key / work should not need any proof other than it’s an empty PSBT from the person who bought the service? So that this person can request a signature, whether in the seed-e (lol, will change name) or the frost snap wallet and this is all the proof needed? By being blinded you’re kind of treated like a hot key in terms of just signing, but have metal backup of keys share / seed..
I’m not sure the best solution here, I’m early into just throwing things at the wall to see what sticks.
Discussion
That’s the clients responsibility to ensure good opsec - username, password, 2FA, master key if they loose any of the inputs forementioned and need to change password / 2FA.
Still thinking it through, adding unique keys per key purchased and request and using it to mitigate replay attacks.
Client follows provider on Keybase, they should probably have some secured comms.. but signature requests and PSBT sharing should go through the platform to ensure the 7day (minimum) wait before the provider signs, which should be ample time for the client to be alerted and contact the provider.
There will be better ways of proving the client is who they say they are, signing xyz message or something.. still thinking it through what the best approach is, and actually if it’s for me to even decide that or let people figure it out themselves and just provide the means to do that as I iterate through.