Principles - how to sign them cryptographically

principles

#1

Hi all!

It’s now been 72 hours since latest minor update to our principles (https://github.com/status-im/ideas/pull/290). Over the last month, and especially over the last week or two, we’ve seen a lot of engagement and tweaks from many core contributors. Since no one has raised any major deal breakers (“I won’t sign with this in”), it’s time to move onto the next stage: core contributors cryptographically signing these principles.

Why sign these cryptographically? These are our principles and values that we collectively stand behind. This means it should come from all of us, and not just from a select few. That’s what gives them weight and importance. We (cryptographically) sign these to signal this type of commitment and shared agreement, a consensus.

Instructions

  1. Go to https://ipfs.io/ipfs/QmVw3nN4dr5q6FXw2QPrcQoYXEoLTEScDBuLAPNnAVnexC/#/sign-and-verify-message/sign (short-link http://bit.ly/status-principles-signature) in a web browser or in Status.

  2. Click on Web3 (Status) or MetaMask/Ledger (Web) and login. Read the principles carefully, then click sign.

  3. At the bottom of the screen, a new field appears with a long message. This is the proof that only you (or only someone with possession of your keys) signed this specific message. Copy paste it into the “Verify” section to make sure all went well. Then take that same signed message and paste it into #principles-signatures in Slack. If you close the message in “````” it’ll be easier to read/copy paste, so would be much appreciated.

These signatures will then be collected in some form (google sheet, gist of some kind) and can be used to publicly communicate how we all stand behind these principles.

Mini-FAQ

Which key should I use?
Whichever you want that you are in control over. This could be your default Status key that you use every day, your Ledger HW key were you store your dough, your Metamask key where you receive your kudos. Or even a new one you create, if you prefer the privacy.

Why Slack? Seems strange.
It’s the simplest thing that can work, given the current state of Identity, etc. As you paste it into this Slack channel we make a few assumptions. Most important of this is that) you as a core contributor is in control of your Slack account and the address in the signed message is yours.

Why not jut say "I agree with these principles " in Slack then?
What would be the fun in that?!It also gives it more weight - just like if you sign a physical contract with your signature as opposed to saying “yeah sure sounds good”.
Also, the link might change, so it’s important the message stays immutable. That’s what cryptographic signatures provides.

Kudos to @Barry for setting up the custom MyCrypto instance!

Please sign these (barring people being out on vacation etc), or make a strong argument against them end of next week. If you need help signing, please ping in #contracts.

Any subtleties or extensions can and should be elaborated on in the annotated version of these principles here: https://hackmd.io/5jB9lWyIQpO8lG1cyLR8oA?both - if you want to add something there just do it, and please don’t ask for permission before doing so. Even better, write up your own view of how these principles apply to the work we are doing!


#2

I don’t understand why we’ve rebranded MyCrypto? What does this do vs just calling web3.eth.sign ?

Also it’d be great to make a smart contract that we can use to check if users have signed the principles as a means of locking our future dao functions to those who haven’t (had mentioned this to someone and checking to see if it made it through communication line)

Also Let’s try using Swarm moving forward.


#3

Cheers Oskar!

If anyone else is struggling with how to get this done, here’s how I managed it. If someone else has an easier way than this, please do share! I found it quite fiddly, hope I did this the right way :slight_smile:

  • Open the Status app on your phone (don’t use laptop browser).
  • Go to Home, click the + in the top right, then Open DApp
  • In the Enter URL box, type http://bit.ly/status-principles-signature
  • Click Web 3 - then click Sign Message
  • A text box will appear underneath, you’ll need to select and copy the text in this box. This took me ages as my iPhone wouldn’t select all so I had to keep scrolling the little box on my phone
  • There’s a tab alongside Sign Message called Verify Message, click it, paste, and then hit Verify Message - you should get a green success banner
  • Open Slack app on your phone, go to #principles-signatures, paste
  • Open Slack on laptop, go back and format post with ``` to make it a quote (I couldn’t find the ` on my phone keypad).

#4

Confirming we should ignore the note that says “Include your nickname and where you use…” - under the Sign Message button


#5

Confirming.

Collection of sigs so far: https://docs.google.com/spreadsheets/d/1IORU-yQhSFjQPz4OvySw2q1ZTDXjN6kmPePX8KtZs04/edit#gid=0


#6

For new joiners reading this in a world without Slack - hi!

Please copy paste your signature confirmation into Status at #status-principles


#7

I can’t sign with web3 when using the latest version of Status using Browser Privacy mode. Asks to connect to MetaMask instead.

I believe I’ve actually signed them before from a different account, but wanted to sign from Status because… well, you know… that’s the point. :grin:


#8

FYI: Signing principles cryptographically will be probably be part of requirement per Status Network: Layer 1 - Liquid Funding for multisig funding in Status Network. For this to work there should be a collection of sigs on e.g. Swarm or IPFS, and then a predicate contract hasSignedPrinciples(version-hash, pubkey). cc @barry and @Graeme re latest on this, or plan for it.


#9

Hi Oskar,

Looked at existing options on market, (on signing dapp sheet),

My preferred choice is https://opensignapp.com/, it does require the end user to pay GAS, but that in itself is a good signal of serious intent.