Gracefully degrade to blind signing in the known transaction, unknown structure case

[cwgoes]

When the Ledger app receives a known transaction (by tag) with an unknown structure, we should gracefully degrade (instead of crash), and allow the user to blind-sign, if they want.

[chcmedeiros]

Hey @cwgoes! With unknown structure you mean, not having the sections the app is expecting (Code, Data, signature ....) ?

[Fraccaman]

yeah exactly! @cwgoes

[cwgoes]

@murisi Can you help clarify here? I believe this was from our discussion.

[murisi]

@murisi Can you help clarify here? I believe this was from our discussion.

Sure, let me try... I think that Namada transactions can be understood in two layers: the container format and the data formats. The container format describes the structure of the header and the various sections including the code section, data section, and extra data section. The data formats describe how the bytes inside the data section, extra data section, and other sections are interpreted. I.e. the bytes inside a data section may be interpreted as a Transfer, or a Bond, or something else. It should be possible to parse and sign the container even if the data format is unrecognized.

We would like hardware wallet blind signing to work in the case where the container is valid, but the data is invalid. I.e. if the hardware wallet fails to read the bytes in a data section as a Transfer (and display the source, target, amount, and token fields), then it should simply ask the user whether they would like to sign the unrecognized Transfer.