James,
I have a few more questions about your gateway, if you have time to answer. I am starting to realize what the capabilities of this gateway are. This understanding raised the question: If someone will be able to send an external asset to the gateway and it is then represented by an internal asset that can be traded on the AE, what happens to the external asset? Is it held in a collective wallet, like an escrow account or security account? Or is the external asset even transferred at all and the AE generated internal asset is just a promise to pay, and the holder of the External asset would still have to be trusted to deliver the asset once traded? I know you are busy, and hate to keep bugging you, I just was pondering the implications of this.
I am doing a nearly atomic exchange of the actual crypto with NXT asset. The only glitch could be during an internal transfer, the NXT asset issuance fails for some reason. I havent had a chance to implement full error handling, it is only 10 days old, but when all the error cases are handled, all the confirmed crypto deposits will match up to confirmed NXT asset transfers.
The actual crypto is put into a multisig account. That is why it took me so long to get the alpha release. I had to tediously construct rawtransactions based on looking at all of the unspent outputs, which I had to recreate since bitcoind (at least dogecoind) didnt seem to properly track multisig transactions.
The AE asset therefore represents not just a promise to pay, but there will be a publicly visible multisig acct with the funds there. There will be a gatewaychain.info analogous to blockchain.info where you can verify deposits and withdrawals and their intermediate state.
To add more weight to the promise to redeem the asset for the crypto, multiple (3) gateways are simultaneously monitoring the NXT blockchain for asset transfers back that are coming in for redemption. All gateways query their local bitcoind and generate a proposed rawtransaction and a signed rawtransaction. Every single byte of the raw transaction must be identical between all of the gateways, then the selected gateway signs the already signed rawtransaction from one of the other gateways and submits it to the network.
I will be creating NODEcoin 2.0, which in addition to rewarding people for forging, will be actively validating all gateway transactions and will generate alerts if it ever detects any funny business. As long as the gateway monitors are happy, all is well. I dont expect more than an occasional yellow alert, when there is a network glitch and a transaction has to be manually resent. With the malleability issue, we need to be careful about blindly trusting any request for manual payment.
As long as the NXT community operated gateways continue to function and two of the independent gateway operators dont collude, all the withdrawals are assured. In case the deposit balance in the multisig accounts get too big, we can always fragment them and have dozens of multisig accts, each with a small fraction of the overall balance. Minimize the size of the acct to remove temptation to steal it, and require cooperation of another party to pull of the withdrawal.
I would think that most people would assess the security of this setup as much more secure than trusting some centralized exchange from going rogue or being hacked (c-cex for 300 BTC, poloniex for 150 BTC both this past week) or going belly up (Mtgox, etc).
Properly implemented after thorough testing and review, there would be no practical difference between trading a NXT AE crypto asset or the real thing. We will get the automated gateway so reliable that we will be able to offer NDIC (NXT deposit insurance), max 10000 NXT per person 100000 NXT total. So if the gateway ever causes a loss, there will be the insurance to cover some of the losses.
James
P.S. Can some marketing types take all this and make it nice and presentable?
