design: MIR / legal / financial-ID verifier model

[Pattermesh]

Question

LABELTON v0 stores mirVerifier, legalIdVerifier, financialIdVerifier addresses but does not check their signatures at registration. The registrant self-attests.

Production needs some verifier model. Different domains likely want different rigor.

Options per domain

MIR fingerprint

• Algorithmic / oracle-attested (e.g. AcoustID, Audible Magic, Pex).
• Single trusted oracle is reasonable for v1.

Legal identity (rights-holder entity)

• Multi-sig of KYC-trusted custodians.
• EIP-712 attestation from a regulated identity provider (Persona, Onfido, Sumsub).
• Eventually: ZK-KYC proofs.

Financial routing (payout / tax / banking)

• Regulated entity attestation (the artist's actual bank / payout processor).
• Custodial proxy (e.g. Bridge.xyz, Mesh, Plaid).

On-chain enforcement

Options for how LABELTON checks verifier attestations at registerMaster:

• No on-chain check (v0 today) — registrant self-attests, off-chain verifiers can challenge after the fact.
• EIP-712 signature — each verifier signs (masterParams, registrant), LABELTON recovers and checks against the configured verifier address.
• Multi-sig — N-of-M verifier signatures required.

Recommendation

Phase 1: EIP-712 single-signer per domain. DAO can rotate verifier addresses. Multi-sig is a later upgrade.

Depends on

Part of #38.

cc @abhicris @Pattermesh