Principles - how to sign them cryptographically

oskarth · August 9, 2018, 2:08am

Hi all!

It’s now been 72 hours since latest minor update to our principles (https://github.com/status-im/ideas/pull/290). Over the last month, and especially over the last week or two, we’ve seen a lot of engagement and tweaks from many core contributors. Since no one has raised any major deal breakers (“I won’t sign with this in”), it’s time to move onto the next stage: core contributors cryptographically signing these principles.

Why sign these cryptographically? These are our principles and values that we collectively stand behind. This means it should come from all of us, and not just from a select few. That’s what gives them weight and importance. We (cryptographically) sign these to signal this type of commitment and shared agreement, a consensus.

Instructions

Go to Status (short-link Status) in a web browser or in Status.
Click on Web3 (Status) or MetaMask/Ledger (Web) and login. Read the principles carefully, then click sign.
At the bottom of the screen, a new field appears with a long message. This is the proof that only you (or only someone with possession of your keys) signed this specific message. Copy paste it into the “Verify” section to make sure all went well. Then take that same signed message and paste it into #principles-signatures in Slack. If you close the message in “````” it’ll be easier to read/copy paste, so would be much appreciated.

These signatures will then be collected in some form (google sheet, gist of some kind) and can be used to publicly communicate how we all stand behind these principles.

Mini-FAQ

Which key should I use?
Whichever you want that you are in control over. This could be your default Status key that you use every day, your Ledger HW key were you store your dough, your Metamask key where you receive your kudos. Or even a new one you create, if you prefer the privacy.

Why Slack? Seems strange.
It’s the simplest thing that can work, given the current state of Identity, etc. As you paste it into this Slack channel we make a few assumptions. Most important of this is that) you as a core contributor is in control of your Slack account and the address in the signed message is yours.

Why not jut say “I agree with these principles ” in Slack then?
What would be the fun in that?!It also gives it more weight - just like if you sign a physical contract with your signature as opposed to saying “yeah sure sounds good”.
Also, the link might change, so it’s important the message stays immutable. That’s what cryptographic signatures provides.

Kudos to @Barry for setting up the custom MyCrypto instance!

Please sign these (barring people being out on vacation etc), or make a strong argument against them end of next week. If you need help signing, please ping in #contracts.

Any subtleties or extensions can and should be elaborated on in the annotated version of these principles here: My first HackMD note (playground) - HackMD - if you want to add something there just do it, and please don’t ask for permission before doing so. Even better, write up your own view of how these principles apply to the work we are doing!

jarradhope · August 9, 2018, 11:31am

I don’t understand why we’ve rebranded MyCrypto? What does this do vs just calling web3.eth.sign ?

Also it’d be great to make a smart contract that we can use to check if users have signed the principles as a means of locking our future dao functions to those who haven’t (had mentioned this to someone and checking to see if it made it through communication line)

Also Let’s try using Swarm moving forward.

ceri · August 9, 2018, 6:23pm

Cheers Oskar!

If anyone else is struggling with how to get this done, here’s how I managed it. If someone else has an easier way than this, please do share! I found it quite fiddly, hope I did this the right way

Open the Status app on your phone (don’t use laptop browser).
Go to Home, click the + in the top right, then Open DApp
In the Enter URL box, type Status
Click Web 3 - then click Sign Message
A text box will appear underneath, you’ll need to select and copy the text in this box. This took me ages as my iPhone wouldn’t select all so I had to keep scrolling the little box on my phone
There’s a tab alongside Sign Message called Verify Message, click it, paste, and then hit Verify Message - you should get a green success banner
Open Slack app on your phone, go to #principles-signatures, paste
Open Slack on laptop, go back and format post with ``` to make it a quote (I couldn’t find the ` on my phone keypad).

Obi2020 · August 14, 2018, 6:51pm

Confirming we should ignore the note that says “Include your nickname and where you use…” - under the Sign Message button

oskarth · August 16, 2018, 2:24am

Confirming.

Collection of sigs so far: https://docs.google.com/spreadsheets/d/1IORU-yQhSFjQPz4OvySw2q1ZTDXjN6kmPePX8KtZs04/edit#gid=0

ceri · October 9, 2018, 10:44am

For new joiners reading this in a world without Slack - hi!

Please copy paste your signature confirmation into Status at #status-principles

lightnode93 · November 22, 2018, 2:01am

I can’t sign with web3 when using the latest version of Status using Browser Privacy mode. Asks to connect to MetaMask instead.

I believe I’ve actually signed them before from a different account, but wanted to sign from Status because… well, you know… that’s the point.

oskarth · November 22, 2018, 5:01am

FYI: Signing principles cryptographically will be probably be part of requirement per Status.app for multisig funding in Status Network. For this to work there should be a collection of sigs on e.g. Swarm or IPFS, and then a predicate contract hasSignedPrinciples(version-hash, pubkey). cc @barry and @Graeme re latest on this, or plan for it.

Graeme · November 22, 2018, 9:32am

Hi Oskar,

Looked at existing options on market, (on signing dapp sheet),

My preferred choice is https://opensignapp.com/, it does require the end user to pay GAS, but that in itself is a good signal of serious intent.