Important Community Update on ic0.app domain being flagged by an anti-spam blocklist

Mr_Burkes · March 1, 2023, 12:49pm

Yeah, when will the IC be a DNS resolver we can point to? That might work

diegop · March 10, 2023, 7:22pm

Update on action item from original list: FOLLOW UP ON ACTION ITEM: New canisters will only be accessible through the icp0.io domain. Existing canisters will be accessible both through ic0.app and icp0.io

apotheosis · March 15, 2023, 6:14am

But this domain was throwing errors for our users on their browsers…
therefore we switched everyone back to raw.ic0.app.

What do you do about canisters that are created that need to be raw… but are new?
raw.icp0.io

Roman · April 18, 2023, 6:38pm

bjoern:

We are currently designing a scheme that allows any canister on the Internet Computer to use the ICP hardware wallet app for securely displaying and signing transactions, and that would work as follows:

The canister developer specifies for each pair of (canister id, method name) a schema for rendering the parameters. That would likely be a transaction name and a structure that specifies for each field of the Candid argument whether it should be displayed and the title that should be used. (We need to devise a format for this, this actually is the main open design task.)

The canister then signs said schema with the IC’s threshold ECDSA signature method.

The dapp front end sends the unsigned transaction along with the signed schema to the hardware wallet.

The hardware wallet derives the canister’s ECDSA public key from the IC’s ECDSA root public key and the canister id, and verifies the signature on the schema. It then uses the schema to display the transaction to the user, and signs the transaction when the user approves.

Hi @bjoern, hope this message finds you well. Any ETA of this wonderful feature ?

memetics · July 28, 2023, 2:01pm

Yubico recovery should be implemented securely this needs to be worked on ASAP

It’s unfair that we will be unable to recover our accounts and are being forced to use insecure seedphrases

Literally what’s the point in setting up a Yubico recovery if it’s useless in emergency scenarios

sea-snake · July 28, 2023, 9:19pm

Sadly it’s a browser limitation in the WebAuthn spec, there isn’t any way to work around that as far as I know. It’s basically scoped to the domain to prevent phishing, but that also means you’re out of luck when the domain is no longer there

Only workaround I can think of would be an app/cli tool to register and use the yubico key outside the webbrowser (the tool would basically use the same canister methods but its not tied to a domain).

memetics · July 28, 2023, 9:52pm

Sorry you say this works but you can’t delete recovery phrases anymore ( correct me if I am wrong please )

memetics · July 28, 2023, 10:04pm

Is a migration path still being worked on for the new link or should we just set up manually

jwendling · August 2, 2023, 7:09am

Hey @memetics, quite some time has passed when I confirmed this, but you are right that it is no longer possible to delete the passphrase.

Topic		Replies	Views
Ic0.app is marked as a phishing website on Malwarebytes DFINITY	1	699	August 25, 2022
URGENT: Application not accessible via browser on subnet pjljw-kztyl-46ud4-ofrj6-nzkhm-3n4nt-wi3jt-ypmav-ijqkt-gjf66-uae Developers	6	421	July 27, 2022
Boundary Nodes Connectivity Incident Retrospective - Wednesday October 13, 2021 Developers	10	655	October 28, 2021
How to register domains? Developers	3	812	June 8, 2021
Issue with DNS to ERR_SSL_PROTOCOL_ERROR in Chrome (Swisscom) General	8	297	January 15, 2024

Important Community Update on ic0.app domain being flagged by an anti-spam blocklist

Related Topics