Delegating Primary Name

With the rise of SIWE, using and properly securing your self sovereign identity is more important than ever. However these two things seem at odds with each other.

With the following setup, I’d be free to SIWE on any dApp without putting my ENS name and other cold storage valuables at risk to a malicious contract/request:

  • Hold (Registrant) and control (Controller) my ENS name in cold storage along with my valuables
  • Resolve my ENS name to my cold storage address (Address)
  • Use a hot wallet to SIWE, Sign messages, mint NFTs etc. (Primary Name)

I attempted to implement this, but couldn’t. The impediment being that the Primary Name can only be set by the address in the Address field. I think this would work if the Controller had Primary Name privileges? But it doesn’t. I suppose I’m attempting to delegate my Primary Name?

I’m sure there’s a million reasons why this is a bad idea, but it also seems like a valid use case. It’s also very possible I’m misunderstanding something fundamental to the protocol. What am I missing?

I think I understand what you are saying. I’m a little bit confused about your ‘cold storage’ valuables being in the mix. I don’t think that keeping what most would consider valuable; on this chain --in the mix with your registrant or controller address(es) will be considered cold storage anymore. Just keep anything that you don’t want to risk in cold storage. Merely having valuables attached to a public account is enough to expose some degree of vulnerability as it is more information presented. if that makes sense.

Unless you want people to know about your assets?

1 Like

Setting the primary name for a wallet address can be done by the wallet or any wallet which has been delegated to, so this part is not the problem. The problem is that the full reverse resolution process

requires that a forward resolution is completed and the addresses must match. If the eth address is set to a vault, then the address won’t match when logging into a site with a hot wallet.

What you are really describing is wallet delegation, which has to be handled by the dapp using a service like

1 Like

@accessor.eth The definition of cold storage hasn’t changed, what has changed is that people want to share cold wallets publicly and prove ownership of cold wallets using hot wallets.

Another way of explaining of what I’m (and many others) are trying to accomplish is:

  1. Protect my NFT collection (including ENS name) in cold storage
  2. Share my collection with people by simply providing my ENS name
  3. Identify in Web3 as my ENS name without putting my cold storage assets at risk

As @Premm.eth points out, 1 and 2 are possible, 3 is not. Secondary registries (like popping up is evidence of demand for this use case. Doesn’t ENS want to be the registry?

What if, as an example, we carved off an exception for a specific subdomain like delegate, and delegate.yourname.eth always resolved to the Parent’s address instead of the address in the address field. Then I could point the address field of delegate to my hot wallet so it could set my Primary name.

Is this a viable solution?

Throwing in more resources as examples of how others are linking wallets.

“EPS is a way of linking together ethereum addresses. It allows you to interact with applications and smart contracts as one wallet address, while proving you own assets at another address, and have new assets delivered to an address you decide.”


The idea is to be able to login to a dapp, with a hot wallet and be able to have reverse resolution of that hot wallet address to your name that you hold in a vault and direct the forward resolution eth address to the vault as well.

One way to do this would be to add a step in the reverse resolution process, so that instead of just checking to see if the eth address is the same as the hot wallet logging in, it would be possible to check a delegation registry, where another address is trustlessly delegated to.

This is basically the same thing as, except we would be telling all the clients that they need to change the way they do reverse resolution, instead of just adopting a delegation service voluntarily. Using it is totally possible to delegate an individual ENS name to another wallet address.

It would be great if there was more info on this on the website and docs. If anyone wants to work on this, I am sure that would be happy to receive a pull request to their repo with information on how to delegate a name from a vault to a hot wallet and use it when doing reverse resolution.


Exactly :point_up_2:

I actually created this post over a month ago, and at the time hadn’t stumbled on yet.

Couldn’t clients voluntarily check if the domain has a delegate using ENS just as easily (and as voluntarily) as they could check using

The first step to using is:

“Connect your vault, like your Ledger, first”

Connecting my vault to multiple dApps is exactly what I’m trying to avoid.

Yes, but is a public good with a lot of attention on it from developers. Delegation always requires the owner of an asset to attest the validity of the delegated address. It could also be done with a signature that is submitted by the hot wallet though.

Does anyone know of any delegation systems that use a signature instead of a transaction on the part of the delegator?

Yes, but it would just be a competing delegation system, that happens to use ENS.

I don’t own a ledger or hardware wallet device as I do not use crypto as a store of value, currently. The way I perceive the definition and or classification of cold and hot walleting is that; the moment you connect your cold storage device to more than one other service for transfer of asset(s), essentially compromises the storage classifier. In that case cold storage loses it’s classifier as a cold storage and becomes a hot wallet, permanently. Once hot it can never go cold.

In light of recent events regarding CEX failures, I believe it is important that we should take up presenting the general public with education material. Teaching proper security procedure would be a great benefit to onboarding new ENS users. Teaching security through use of ENS will onboard more people than a speculative marketplace is capable of, predictively.

That being said, I would like to work with someone creating workflow diagrams so that there is less confusion and particularly illustrates security configurations that involve using ENS, registrant and controller assignees in conjunction with cold storage and hot wallets. If anyone is interested in talking about this in voice call, send me a PM.

1 Like