Use wallet.solana.com as a trusted display for hardware wallets #530
Description
Forwarding an issue created by @aeyakovenko here: https://github.com/solana-labs/ledger-app-solana/issues/3
Problem
Hardware wallets require parsing and displaying messages inside the TPM to confirm the signing request.
Solution
We could use wallet.solana.com as a trusted display as well. Basically decode and show the hash and the transaction details in our hosted wallet, confirm the hash on the ledger. Users should confirm the transaction hash from another machine, like a mobile device.
If solana.com is compromised users would not be able to sign messages, but funds should remain secure as long as the local machine is not compromised either.
Another idea:
Maybe this is overkill, but the cli transactions could require a co-signature from the web wallet. The web wallet key is not referenced in any instructions, but the signature would force the user to look at the web wallet with their phone preferably.