Smart phone deployment


Avery Starr
 

Hello Corda Team,

 

Will there be any plan to develop Corda to be deployed onto phones (IOS and Android)?

 

Thanks,

 

Avery Starr | Managing Director



Mike Hearn
 

No plans like that at this time. But if the community wishes to experiment, by all means go ahead.

It's a bit of an FAQ. We should have an FAQ section in the docsite. The main reason for hesitation is it's very unclear that people really want to be first class citizens of a distributed ledger on their own, in any great numbers. At least not with things as they are today. Consider:

  1. There's no password reset. You have to back up your file/words, and if you lose them, the underlying assets held in the wallet are "destroyed" (or at least the ledger can no longer be updated).
  2. It's not obvious what that extreme cost is actually buying you, because you haven't decentralised anything - just moved power to the vendor of the mobile app, who can push updates and change things at will.

So you really need to start by writing down the desired balance of power. Is it acceptable that users take on so much responsibility that they can lock themselves out of the ledger? If so, what happens to the assets when they do? Who has the power to fix the ledger back again, if anyone? If someone does have such power, why not just make them custodians of that part of the ledger entirely - with the mobile app just being a bog standard e-banking style frontend that submits instructions and uses passwords? Who has the power to push software updates and how is that enforced?

There are cases where this can be answered in such a way that a mobile Corda wallet would be a good fit, for instance:

  • The wallet holds a cryptocurrency. Losing keys takes the money out of circulation indefinitely, nobody has the power to restore it. Users will understand that and accept it.
  • The wallet is threshold signed in such a way that multiple development teams must collaborate to sign and push an upgrade, using e.g. Shoup threshold RSA.

For Bitcoin we did the first but not the second part, so actually, a random German guy called Andreas Schildbach controlled large amounts of bitcoins because he could push software updates at will. It is to his immense credit he was never tempted to steal them. In theory there was a PIN feature that was crunched to produce a decryption key and the app needed the password, but nothing would have stopped it just waiting until the user unlocked their wallet and then uploading all the private keys somewhere. Give it a few months and you have most of the keys. If you care about the rest, no problem, upload the encrypted wallet and brute force the keys ... there aren't many PINs and servers are much faster than phones. So, it's easy to end up with incomplete security theatre when doing cryptography on smartphones. WhatsApp/FB Messenger have the same issues.

But for most use cases you'll want some way for users to recover from mistakes, you'll want multi-grade authentication, etc. That suggests states controlled by a company rather than an individual, with phone apps just submitting commands to that company. Sorry to be a party pooper.
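The point above about PIN-derived wallet keys, worked through as an added example (not code from this thread or from any wallet app): it shows that key stretching only multiplies the cost of each guess while a PIN's keyspace stays tiny. PBKDF2, the iteration count, the key-check MAC and the sample PIN are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import math
import os
import time

def derive_key(secret: str, salt: bytes, iterations: int) -> bytes:
    """Stretch the unlock secret into a 256-bit wallet key (PBKDF2 is an assumption)."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, iterations, dklen=32)

def key_check(key: bytes) -> bytes:
    """Stand-in for 'the wallet decrypted correctly': a MAC over a fixed label."""
    return hmac.new(key, b"wallet-key-check", hashlib.sha256).digest()

def exhaust_pins(check: bytes, salt: bytes, iterations: int, digits: int):
    """Walk the whole PIN space offline; return (pin, guesses made)."""
    for n in range(10 ** digits):
        pin = f"{n:0{digits}d}"
        if hmac.compare_digest(key_check(derive_key(pin, salt, iterations)), check):
            return pin, n + 1
    return None, 10 ** digits

def seconds_per_guess(iterations: int, samples: int = 5) -> float:
    """Measure what one KDF evaluation costs on this machine."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(samples):
        derive_key(str(i), salt, iterations)
    return (time.perf_counter() - start) / samples

def bits_needed(guess_seconds: float, speedup: float, years: float) -> int:
    """Entropy the secret needs so its full keyspace outlasts `years` of guessing
    by hardware `speedup` times faster than the device that set guess_seconds."""
    guesses = years * 365 * 24 * 3600 * speedup / guess_seconds
    return math.ceil(math.log2(guesses))

if __name__ == "__main__":
    iterations = 2_000                 # constructed; kept low so the demo finishes quickly
    salt = os.urandom(16)
    check = key_check(derive_key("4831", salt, iterations))  # constructed wallet, PIN 4831
    t0 = time.perf_counter()
    pin, guesses = exhaust_pins(check, salt, iterations, digits=4)
    print(f"PIN {pin} found after {guesses} guesses in {time.perf_counter() - t0:.1f}s")
    cost = seconds_per_guess(iterations)
    print(f"4-digit PIN is about {math.log2(10 ** 4):.1f} bits; a secret needs "
          f"{bits_needed(cost, speedup=1000, years=10)} bits to last 10 years at 1000x")
```

Raising the iteration count scales the cost of every guess linearly for the phone and the server alike; only more entropy in the unlock secret changes the size of the search.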


Gray John - Toronto-MROC
 

I love this: “So you really need to start by writing down the desired balance of power”

Thanks Mike.

 

 

I remember someone saying we don’t make friends with FAQs, or salads. I don’t know if that’s true but we could lose money.

 

Now every time I hear of a new FAQ section on a docsite I think “maybe but very limited to a small set of distinct questions and answers that are universally true and unchanging through time.” I’ve found the moment an FAQ becomes stale and inaccurate we expose ourselves to liabilities especially in jurisdictions with annoying and frivolous litigation cultures. Then you have to disclaim the hell out of it, at the same time the FAQ section grows and increases above risk and decreases touchpoints with potential customers. Maybe another consequence is sometimes FAQ sections cede hard-earned knowledge and power from expert communities.

 

From: corda-dev@groups.io [mailto:corda-dev@groups.io] On Behalf Of Mike Hearn via Groups.Io
Sent: Wednesday, July 31, 2019 12:49 PM
To: corda-dev@groups.io
Subject: Re: [corda-dev] Smart phone deployment

 
