Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add ERC: Tamperproof Web Immutable Transaction (TWIT) #585

Merged
merged 19 commits into from
Sep 17, 2024

Conversation

uni-guillaume
Copy link
Contributor

This EIP written in close collaboration with @remarks propose a new security mechanism to guarantee data integrity between dapps and wallets.
It introduces a new RPC method to be implemented by wallets, wallet_signedRequest, that
enables dapps to interact with wallets in a tamperproof manner via "signed requests". The
dapp associates a public key with its DNS record and uses the corresponding private key to
sign payloads sent to the wallet via wallet_signedRequest. Wallets can then use use the
public key in the DNS record to validate the integrity of the payload.
The wallet can subsequently confirm data integrity to their users

@eip-review-bot
Copy link
Collaborator

eip-review-bot commented Aug 8, 2024

✅ All reviewers have approved.

@eip-review-bot eip-review-bot changed the title ERC-XXXX: Tamperproof Web Immutable Transaction (TWIT) Add ERC: Tamperproof Web Immutable Transaction (TWIT) Aug 8, 2024
@github-actions github-actions bot added the w-ci label Aug 8, 2024
ERCS/erc-XXXX.md Outdated
@@ -0,0 +1,254 @@
---
eip: XXXX
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
eip: XXXX
eip: 7754

Assigning next sequential EIP/ERC/RIP number.

Please also update the filename.

ERCS/erc-XXXX.md Outdated Show resolved Hide resolved
ERCS/erc-XXXX.md Outdated
title: Tamperproof Web Immutable Transaction (TWIT)
description: Provides a mechanism for DAP to use the API defined in EIP-1193 in a tamperproof way
author: Erik Marks, Guillaume Grosbois
discussions-to: TODO
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please create a topic in Eth Magicians. https://ethereum-magicians.org/
It can just contain a link to this PR.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

will do.

uni-guillaume and others added 2 commits August 9, 2024 14:54
Co-authored-by: Andrew B Coathup <[email protected]>
Signed-off-by: Guillaume Grosbois <[email protected]>
Copy link

github-actions bot commented Aug 9, 2024

The commit 4467b47 (as a parent of 49b3f55) contains errors.
Please inspect the Run Summary for details.

Signed-off-by: Guillaume Grosbois <[email protected]>
@uni-guillaume
Copy link
Contributor Author

@abcoathup @petvaizAkhtar : is the PR good enough to be merged ?

@uni-guillaume
Copy link
Contributor Author

@axic , @g11tech, @SamWilsn, @xinbenlv: do you have any feedback ?

ERCS/erc-7754.md Outdated

1. The user's browser verifies the domain certificate and displays appropriate warnings if overtaken
2. The DNS record of the dapp hosts a TXT field pointing to a URL where a JSON manifest is hosted
- This file SHOULD be at a well known address such as `https://domain.com/.well-known/twit.json`
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- This file SHOULD be at a well known address such as `https://domain.com/.well-known/twit.json`
- This file SHOULD be at a well known address such as `https://example.com/.well-known/twit.json`

ERCS/erc-7754.md Outdated

Attested public keys are necessary for the chain of trust to be established.
Since this is traditionally done via DNS certificates, we propose the addition of a DNS record containing the public keys.
This is similar to DKIM, but the use of a manifest file provides more flexibility for future improvements, as well as support for multiple algorithm and key pairs.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Readers might not be familiar with DKIM. You could do something like:

Suggested change
This is similar to DKIM, but the use of a manifest file provides more flexibility for future improvements, as well as support for multiple algorithm and key pairs.
This is similar to [RFC 6376](https://www.rfc-editor.org/rfc/rfc6376.html)'s DKIM, but the use of a manifest file provides more flexibility for future improvements, as well as support for multiple algorithm and key pairs.

ERCS/erc-7754.md Outdated
To mitigate this, wallets SHOULD NOT cache dapp public keys for more than 2 hours.
This practice establishes a relatively short vulnerability window, and manageable overhead for both wallet and dapp maintainers.

Example DNS record for `my-crypto-dapp.org`:
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Example DNS record for `my-crypto-dapp.org`:
Example DNS record for `my-crypto-dapp.invalid`:

I'd suggest using reserved domain names (like example.com, foo.invalid, etc.) for your examples.

ERCS/erc-7754.md Outdated
Since this is traditionally done via DNS certificates, we propose the addition of a DNS record containing the public keys.
This is similar to DKIM, but the use of a manifest file provides more flexibility for future improvements, as well as support for multiple algorithm and key pairs.

Similarly to standard JWT practices, the wallet could eagerly cache dapp keys.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Similar comment here about JWT. Either expand the abbreviation or link to a definition.

ERCS/erc-7754.md Outdated

type SignedRequestParameters<Params> = [
requestPayload: RequestPayload<Params>,
signature: `0x${string}`, // TODO: Is this the format we want?
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If you use HTML-style comments (outside the code fence), the linter will make sure you deal with them before moving into Review (eg. <!-- TODO -->.)

ii. If the user opts to cancel, then the wallet MUST cancel the call
e. If the signature is valid, the wallet MUST call `request` with the argument `requestPayload`

#### Example method implementation (wallet)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should probably move this to the Reference Implementation section and link to it there from here.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

because of the use of dohjs library, it is more an example than a reference implementation. Happy to move it if you think that is ok.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's up to you. It's short enough that it's probably fine to stay where it is.

Signed-off-by: Guillaume Grosbois <[email protected]>
@eip-review-bot eip-review-bot enabled auto-merge (squash) September 17, 2024 14:37
Copy link
Collaborator

@eip-review-bot eip-review-bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All Reviewers Have Approved; Performing Automatic Merge...

Copy link
Collaborator

@eip-review-bot eip-review-bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All Reviewers Have Approved; Performing Automatic Merge...

@eip-review-bot eip-review-bot merged commit 4dcd0fc into ethereum:master Sep 17, 2024
11 of 13 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants