From 9de0d94508828f5fdfaf688ccda5a91d38b32c58 Mon Sep 17 00:00:00 2001 From: Michael Dietz Date: Fri, 3 Sep 2021 13:42:05 -0500 Subject: doc: add disclaimer highlighting shortcomings of the basic multisig example --- doc/descriptors.md | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'doc/descriptors.md') diff --git a/doc/descriptors.md b/doc/descriptors.md index f38caa81cb..70d0926a1b 100644 --- a/doc/descriptors.md +++ b/doc/descriptors.md @@ -143,6 +143,14 @@ are lexicographically ordered as described in BIP67. For a good example of a basic M-of-N multisig between multiple participants using descriptor wallets and PSBTs, as well as a signing flow, see [this functional test](/test/functional/wallet_multisig_descriptor_psbt.py). + +Disclaimers: It is important to note that this example serves as a quick-start and is kept basic for readability. A downside of the approach +outlined here is that each participant must maintain (and backup) two separate wallets: a signer and the corresponding multisig. +It should also be noted that privacy best-practices are not "by default" here - participants should take care to only use the signer to sign +transactions related to the multisig. Lastly, it is not recommended to use anything other than a Bitcoin Core descriptor wallet to serve as your +signer(s). Other wallets, whether hardware or software, likely impose additional checks and safeguards to prevent users from signing transactions that +could lead to loss of funds, or are deemed security hazards. Conforming to various 3rd-party checks and verifications is not in the scope of this example. + The basic steps are: 1. Every participant generates an xpub. The most straightforward way is to create a new descriptor wallet which we will refer to as -- cgit v1.2.3