-
Notifications
You must be signed in to change notification settings - Fork 71
Signature vs Express Of Trust
A TokenScript can be signed by one or more entities or trusted by one or more entities.
By signing, it is associated with an identity. Currently, we relax the requirement to allow web certificate, which is typically not supposed to be used in Signing, to sign a TokenScript, indicating that the TokenScript is authored by a certain website's team. AlphaWallet-issued TokenScripts are signed with a DV certificate with higher authenticity, as a 3rd-party has verified the organisation (AlphaWallet Pty Ltd).
The signing of TokenScript does not indicate the TokenScript has anything to do with the very token for which it is providing essential security functions (e.g. forming a transaction). That part is dealt with Express-of-Trust.
An express-of-trust is a normal Ethereum transaction coming from a token contract's deploying address, showing that the same person who deployed the token contract trusts the TokenScript. The recipient address is one that is calculated from the TokenScript's DigestValue. The amount can be anything, normally zero but any ether sent in that transaction is considered a tip to the TokenScript project. More in the document