Skip to content

Instantly share code, notes, and snippets.

@pinheadmz

pinheadmz/gateway-multisig-policy.md

Last active July 12, 2022 14:04
Show Gist options
  • Save pinheadmz/fda1510edd97a0c7c8b25ae23cc2237b to your computer and use it in GitHub Desktop.
Save pinheadmz/fda1510edd97a0c7c8b25ae23cc2237b to your computer and use it in GitHub Desktop.
Download ZIP
Raw
gateway-multisig-policy.md

Gateway Multisig Emergency Keyholder Policy

Setup

HNS TLDs submitted to the Gateway registry are held in a 2-of-3 multisig wallet constructed by these participants:

  1. TLD owner
  2. Gateway
  3. Matthew Zipkin

Role

The role of the Zipkin key is mostly for emergency purposes. Since the multisig policy is 2-of-3, any transactions needed to modify the TLD namestate can and SHOULD be created and signed by TLD owner and Gateway.

Emergencies

Zipkin will only countersign transactions when BOTH PARTIES agree that Zipkin's participation is required, for example if one of the other parties lose their private keys or their private keys are compromised. Zipkin will perform DILLIGENT EFFORTS to ensure that BOTH PARTIES are in agreement about the requested action. This will require identity verification using some or all of the following:

  1. Email
  2. Discord
  3. Video chat / selfie video
  4. Message signing with related wallet keys (for example, the address that transferred the name to Gateway)

Zipkin will maintain a spreadsheet of contact information for all parties but IS NOT RESPONSIBLE if a participant loses control of their online identity or is otherwise spoofed in order to initiate a fraudulent transaction. Zipkin can only guarantee DILLIGENT EFFORT when verifying identities to comply with emergency signing requests.

Exceptions

Renewal

Zipkin agrees to participate in name RENEWAL transactions as requested by Gateway. These transactions are essentially harmless and although they SHOULD be executed between Gateway and TLD owner, it may be easier for technical reasons for Zipkin to sign instead (e.g. lack of multisig functionality in Bob Wallet).

Missing particpant

Getting agreement from BOTH PARTIES may fail if one party is unreachable. Part of DILLIGENT EFFORTS for Zipkin means spending up to FOURTEEN DAYS attempting to contact both parties. If one party can not be reached after this time, Zipkin WILL NOT ACT.

Dispute

If there is a dispute between Gateway and TLD owner, Zipkin WILL NOT ACT. It is not Zipkin's responsibility to solve disputes or choose winners or take sides. Legal action / intervention may be required in case of a dispute to compel one party to agree to the emergency signature action.

Party replacement

Zipkin will accept transfer of authority in extreme cases only. For example, death of a participant. In these cases DILLIGENT EFFORTS will be applied to any next-of-kin or legal succession as applicable by law. Zipkin IS NOT REQUIRED to act. In some cases, death or absent parties may result in a HNS name simply expiring.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment