Moniker spoofing


#1

It seems to me like moniker spoofing is a risk, to node reputation at the least.

A possible way to address this may be to have monikers registered to an address and require signing from that address to associate the moniker to a node.


#2

The risk would still exist because spoofers could use similar spellings, etc to the real validator’s moniker.
e.g.
real validator’s moniker: engineer_x
spoofer’s moniker: engineeer_x

Maybe ask delegators to check validator address (or something else that is derived from the private key) before believing spoofer’s story.

Staking commands use “account_cosmosaccaddr” already, and not moniker, so this risk is somewhat mitigated.


#3

Good ol’ Zooko’s Triangle:

One solution would be to use an existing naming system like DNS for monikers. Then it would be possible to tie a domain name to a key, using e.g. a TXT record (an approach not too far off from the DV method for issuing X.509 certificates)


#4

I see. Thank you luigi, makes sense.


#5

Zooko’s triangle :rofl: I love being involved with a group of smart people :wink: