-
Notifications
You must be signed in to change notification settings - Fork 4.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Deprecation of eth_sign
#1930
Comments
We will discuss this at our long term planning meet next Tuesday. |
We might want to actually change the current behavior in favor of the |
Work done in this PR, waiting to merge until EIP 712 is finalized |
EIP 712 is merged! unblocked ~ |
Blocked by us actually implementing EIP 712 per spec. |
We have learned that adding a sufficient warning on the signature confirmation screen may have qualified as informed consent, and I would suggest this method no longer requires deprecation as long as we continue to adequately convey its gravity in the languages that we distribute under. |
Correct. This is not blocked, I just am no longer sure it is necessary, as the signing method is in active use, as it's very useful for low-level development and prototyping. |
That is one way of tucking it further away, but in my experience, this would just result in some applications instructing users to enable "developer mode". I think explicit warning is really the only tool we have to protect users, and we are already employing it. I'm not sure what we would gain by tucking it further away, other than friction, when we don't see any attacks successfully happening along this vector. |
Given the staleness and lack of need for this, I'm going to go ahead and close this issue. |
gradually deprecate
eth_sign
personal_sign
spec andeth-sign-util
)The text was updated successfully, but these errors were encountered: