|
| 1 | +# Secure Registrar Setup Guide |
| 2 | + |
| 3 | +## Core Architecture |
| 4 | + |
| 5 | +The registrar setup consists of three key components: |
| 6 | +1. Pure Proxy (Main Registrar) - controlled by multisig, stays cold |
| 7 | +2. Multisig - for governance and critical operations only |
| 8 | +3. Identity Judgement Proxy - hot wallet for registrar operations |
| 9 | + |
| 10 | +## When to Use Multisig |
| 11 | + |
| 12 | +Multisig is required ONLY for these critical operations: |
| 13 | +1. Requesting registrar rights via governance for the pure proxy |
| 14 | +2. Setting supported bitflags (declaring which identity fields you verify) |
| 15 | +3. Setting up new Identity Judgement proxy |
| 16 | + |
| 17 | +All other operations should use the Identity Judgement proxy. |
| 18 | + |
| 19 | +## Operational Flow |
| 20 | + |
| 21 | +### Initial Setup |
| 22 | +1. Create pure proxy (will be your registrar address) |
| 23 | +2. Set up multisig (minimum 3/5 recommended) |
| 24 | +3. Request registrar rights via governance |
| 25 | +4. Set supported identity verification bitflags |
| 26 | +5. Create Identity Judgement proxy for server operations |
| 27 | + |
| 28 | +### Daily Operations |
| 29 | +- Identity Judgement proxy runs on server |
| 30 | +- Provides actual judgements |
| 31 | +- Main registrar (pure proxy) stays cold |
| 32 | +- No multisig needed for routine judgements |
| 33 | + |
| 34 | +## Security Model |
| 35 | + |
| 36 | + |
| 37 | + |
| 38 | +The diagram shows the complete security setup: |
| 39 | +- Pure proxy at the top serves as the registrar |
| 40 | +- Controlled by a 3/5 multisig |
| 41 | +- Identity Judgement proxy connected to server hot wallet |
| 42 | +- Members 1-5 participating in multisig operations |
| 43 | +- Ownership of registrar can be assigned to new wallet/multisig |
| 44 | + |
| 45 | +## Transaction Review |
| 46 | + |
| 47 | +CRITICAL: Always verify transactions on Polkadot.js Apps: |
| 48 | +``` |
| 49 | +1. Visit: https://polkadot.js.org/apps/?rpc=wss%3A%2F%2Fpeople-paseo.dotters.network#/extrinsics |
| 50 | +2. Go to 'Decode' section |
| 51 | +3. Paste raw transaction (e.g., 0x2a0400000000000000) |
| 52 | +4. Verify ALL parameters |
| 53 | +5. When sharing multisig calldata, send extrinsics link for easier verification |
| 54 | +``` |
| 55 | + |
| 56 | +## Multisig Changes |
| 57 | + |
| 58 | +IMPORTANT: Multisig membership cannot be changed once created. To handle member changes: |
| 59 | +1. Create entirely new multisig with desired members |
| 60 | +2. Use old multisig to give control rights to new multisig over pure proxy |
| 61 | +3. Use new multisig to remove old multisig's rights |
| 62 | + |
| 63 | +This is why we use pure proxy as registrar - it allows changing the controlling |
| 64 | +multisig while maintaining the same registrar identity. |
| 65 | + |
| 66 | +## Common Operations |
| 67 | + |
| 68 | +### Setting Up Judgement Proxy |
| 69 | +1. Create new proxy for Identity Judgement |
| 70 | +2. Use multisig to authorize it |
| 71 | +3. Verify setup via transaction decode |
| 72 | + |
| 73 | +### Providing Judgements |
| 74 | +1. Use Identity Judgement proxy |
| 75 | +2. No multisig required |
| 76 | +3. Server can operate autonomously |
| 77 | + |
| 78 | +### Changing Supported Fields |
| 79 | +1. Requires multisig |
| 80 | +2. Update bitflags via pure proxy |
| 81 | +3. Verify via transaction decode |
0 commit comments