Hi All, we just rolled out a utility to help renew your existing Blockstack id. RenewMyBlockstackId.Info. Hope this helps out anyone, like myself, who has been worried about ID expiring.
That is great to check. However, asking to enter the seed phrase is not good IMHO. We should teach users to never ever enter the private keys, seed phrases, etc. in arbitrary sites or apps.
@josephfoboyle.id could add the renewal code to the pull request on the blockstack browser?
Our FAQ talks about the importance we put on mnemonic key. The blockstack extension works the same way to log in. We need the key to submit the renewal. We will be adding zonefile change to the next version. We also want to have our own service to create ID’s and namespaces. Our approach is to build services around the ID/namespace/GAIA/zone management services. Any input appreciated.
the code to renew names is exceedingly simple (it’s all in the
blockstack.js code), so no pull request would be effective unless he also merged ui code, which doesn’t match.
I think the goal of this project is to be easy to use for those who don’t want to download the blockstack-cli and figure it out (because that’s the only other route right now) – but of course it will never be as secure as doing it in the official browser etc, etc.
Especially if the service is about convenience it should make it clear and transparent how this affects security.
Update zone file page exists already in the browser.
Would you mind to review this PR? https://github.com/blockstack/blockstack-browser/pull/1924
What else could we put in our FAQ to help detail the convenience and how we take care of the key? Is the zone update in the browser? I cant seem to find. Thanks for your feedback.
Yes, there is a zone update page. http://browser.blockstack.org/profiles/0/zone-file (however, it is broken in the current version)
If you want to be an authenticator your service makes sense. If you provide one action, then entering seed phrases is a no-go. Especially when you want to educate users.
Teach them that the more authenticators you hand over your keys the more in danger they are.
We absolutely want to be an authenticator. We are adding namespace registration ability next. We should have more than Blockstack being the only way to buy id’s and namespaces. We completely understand the dangers of asking for mnemonic but cannot provide this renewal function without key. Even without the key, you are still susceptible to bad apps/developers. They could be siphoning all your info in that app, and if you dont know how to check, you wont know. Ability to help businesses and people register iD’s and namespaces is what we want to do. Educate them on what opensource apps to trust and build off of. How to get good/trusted dApp developers. We believe other services will come once people and business realize they have to have a namespace. Thoughts?
Personally, I would only trust open source authenticators that heavily promote to not run the app as hosted version.
I think namespaces will become more interesting if app chains come alive and your namespace lives there…