Metastate,
Lets recap. You posted your Stateful Baking Accounts proposal on May 6th. In which the consensus key was non-spendable. This matches your gitlab merg request for Stateful Baking Accounts which has the consensus key as non-spendable.
Both your initial code and your blog spec had the consensus key as non-spendable.
At this point many of us raised concerns about having a non-spendable consensus key. Documented on this agora thread. Then you silently updated your blog to make the key spendable. This was dishonest. You should have told the community directly on the Agora thread which you were engaging on. Nothing wrong with changing ones mind.
However your blog states that you made key spendable for “backwards compatibility”.
Which likely meant you were going to have the consensus key be 1 of N on the multisig contract- easy to implement. The problem with this is if you set the multisig to 2 of 2 you get the same security issues as having a non-spendable key.
This is why I asked specifically “consensus key always be spendable, in and of itself, independent of the operator account?” while fully quoting your blog post in the initial question. So we could get the key changed to always spendable independent of the multisig. Initially you didn’t understand the question, so I had to ask again with an example, and quoted the part that mattered. Of course you lied about the quoting.
At this point the community has burned several weeks getting the proposal tweaked to be more secure, and therefore passable. People have been ignored, gaslighted or given non-answers while on the backside those who are connected see our comments and get Andrian to fix his proposal.
This is a critical point, notice none of the big bakers are here in the AMA asking questions. Why are they absent at this critical juncture? The answer is Awa and Adrian deal with them in private chats and private conversations. This is the Tezos cartel.
This informal cartel is also why Metastate gaslights people and pretends they already made the changes even though the public record shows otherwise. It’s to maintain an illusion of authority. They don’t need the plebs they already have built the support in private channels.
Even now, Metastate has no clue about security nor the implications of their changes. They spam non related links while still arguing for a non-spendable consensus key. This strawman argument doesn’t even pass a smell test.
I’ve consistently stated that there are many incentives that secure the network. One of which is having the consensus key spendable because it is a bounty on the node. Node operators secure the node to defend against hackers making the Tezos ledger more secure in the process. Second slashing exists to punish bad baker behavior, not for node security. These are separate incentives that work together to help secure the network. Yet Metastate clearly shows they do not get it by arguing for only slashing.
The other obvious issue that Metastate ignores is the centralizing aspect of non-spendable consensus keys. Which is perhaps the most critical.
Digging further into Metastates merg request you can also see Adrian championing an implicit feature of having one physical baker for multiple operator accounts. Again this is a security fail as it allows any physical baker to grow without capital constrain, also incentivizes fewer nodes to run.
Up until this point I’ve been trying to get their proposal functional by pointing out issues but given Metastate is not ethical, I cant trust their code. Given they don’t understand basic security, again, I can’t trust their code. Even if we keep getting them to fix all obvious issues, I doubt Adrian has thought of all corner cases.
This proposal is high risk and low reward even though bakers need the ability to change their key.
-Justin
