Brand, NameHub docs should include global naming security considerations: phishing etc. #10702
Labels
cosmic-swingset
package: cosmic-swingset
devex
developer experience
documentation
Improvements or additions to documentation
enhancement
New feature or request
ERTP
package: ERTP
security
Comments
dckc
added
documentation
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What is the Problem Being Solved?
Brand reference docs don't say why we use unforgeable objects rather than contract addresses (large ~random numbers) nor (only) cosmos denom strings for identification.
NameHub doesn't say how it addresses phishing risks.
nor Board.
Name Service docs (board, agoricNames, namesByAddress) are likewise silent.
endo reference docs don't include the petname daemon.
I don't see anything relevant in the endo daemon sources
Description of the Design
@erights is a co-author on...
Author: Christine Lemmer-Webber, Mark S. Miller, Zachary Larson, Kate Sills, Eli Yaacoby
Created:
Last modified: 2024-11-19 Tue 16:33
That seems to cite Zook's triangle and such.
Borrow material from there.
A search for petname among our youtube videos also turns up a number of hits.
The AllegedName glossary entry hints at the issues.
Security Considerations
yes
Scaling Considerations
no
Test Plan
tests and/or working examples to show the risks in tangible fashion would be ideal
Upgrade Considerations
not much?
cc @kriskowal @michaelfig @amessbee @heavypackets
The text was updated successfully, but these errors were encountered: