Systems that rely on trusted authorities can be compromised with low cost (case in point: SSL/TLS). Panvala solves this problem by decentralizing trust through a token-curated registry. https://twitter.com/PanvalaMark/status/1016337610787180545 …
Replying to @muellerberndt
This pushes a HUGE amount of risk onto security reviewers and away from the contract owners. Won't people just attack or sue the parties voting in support of contracts when bugs are found later? pic.twitter.com/80u0HHFa9D
Replying to @dguido
The Panvala mark means that a majority of participants agree that certain standards have been followed. It's the task of the community to ensure that the standards are sufficient to prevent bugs (e.g. cross checking audit-reports).
Replying to @muellerberndt @dguido
But as we all know, there's never a 100% guarantee. The TCR reflects the opinion of the security community as a whole (hopefully including @TrailofBits). Consumer reports is a good analogy.
Replying to @muellerberndt @trailofbits
Consumer Reports tells you "We like it" or "It works", not "It withstands sustained, active attack." UL is closer, though they also do not incorporate adversary-induced failure cases in their certifications afaik.
Thinking about it more, I think the closest analogy is PCI Compliance.
Replying to @dguido @trailofbits
The wording and exact specification for the mark(s) will need some fine-tuning. Perhaps "compliant" or "approved" might be more fitting than "safe"?
1 reply 0 retweets 0 likes
I'll watch how this evolves over time! I think you've got to be cognizant of the position this puts reviewers in, and the type and granularity of the data they report rather than simply "safe."