[TylerE]

You can do anything if you allow massive handwaving. ("out-of-band mechanisms for approving transactions")

[maaku]

Do I have to spell it out? The machine could be under physical control of its operators, with rate limiting restrictions lifted only by manual intervention via a GUI interface, making the low bandwidth TOR connection the only link to the outside world (and a simple one at that). Or the the verification and signing steps done via TPM so as to prevent key theft. There are other possibilities too.

This isn't handwavery. It's basic security engineering.

[TylerE]

Yes, but the whole debate was how to it automatically. Once you have someone physically intervening, your solution fails to meet the problem criteria.

[maaku]

Having people involved to resolve edge cases and possible fraud/theft is kinda the point...