Two New FRCs: Wallet-Signing User Stories and EIP-191-equivalent-and-extension (references the user stories) #1127
Conversation
bumblefudge
requested review from
jennijuju,
anorth,
jsoares,
TippyFlitsUK,
momack2,
rvagg,
lanzafame and
dannyob
as code owners
|
I'm not sure whether people would want this in scope for the User Stories FRC, but riba just pointed out that non-interactive authN based on signatures over arbitrary payloads is ALSO happening in various places via API and HTTP headers:
If people would like this included for future reference/upgrade/documentational clarity, I'd be glad to add a section? |
FRCs/frc-wallet-signing-envelope.md
Outdated
| Using this version byte in FVM contexts is discouraged, but in FEVM contexts, it may be used safely, as FEVM messages and signatures are entirely isomorphic to the EVM. | ||
|
|
||
| Note that in the base `0x45` structure defined in [ERC-191], there is no envelope-level affordance for including a `chainId` (314 for Filecoin mainnet, 314159 for Filecoin testnet, 314XXX for L2s and private FEVM networks) to protect against crosschain replay attacks. | ||
| For this reason, it is recommended to include this safety mechanism (and others like domain-binding or TTL or nonce) inside the payload, as is required by the standard [Sign-In with Ethereum][ERC-4361] template. |
There was a problem hiding this comment.
this raises the question for me that as long as you're defining a new 0x46, why not also add this in since you're starting from scratch? 0x19 0x45 <ilecoin Signed Message:\n" + len(message) + chainId> <data to sign>
There was a problem hiding this comment.
for compatibility reasons! Someone using the Metamask Snap or any other ethereum wallet that simply adds the FEVM chainId would produce wallets with the classic thereum Signed Message prefix. Unless I misunderstood the question?
|
👍 I assume from @hugomrdias' name on this that it's a collective summation of the agreement you've reached on this topic? Seems fine to me sans some minor nits in there. There's some sections left blank at the bottom but I'm not sure there's much to say on those topics. Let's assign this one the number |
|
Eh, I somehow missed that there are two files in here and only noticed after I saw the title again with "Two"! I'm not sure what to do with the second file, it seems to me to either be part of the main FRC or moved into the resources/ directory where it can be free-form, but it doesn't look like an FRC. |
add rvagg's more complete motivation section Co-authored-by: Rod Vagg <[email protected]>
make specification section more clear with rvagg's suggestion Co-authored-by: Rod Vagg <[email protected]>
Co-authored-by: Rod Vagg <[email protected]>
Co-authored-by: Rod Vagg <[email protected]>
Co-authored-by: Rod Vagg <[email protected]>
|
Oh, sorry, I had the user stories as a separate FRC file because some industrious future worker-bee might want to add a new FRC to address the EIP-712-equivalent use-case, or any other future signing-UX FRCs might just want to refer to or extend the Use-Cases as a free-standing doc. Is this the first "informational FRC" that provides context but no interfaces for wallets? @hugomrdias do you have strong feelings either way? I can just incorporate it into the main text of FRC-0102 or as a /resources/user-stories.md type exhibit, whatever you think makes more sense. |
Hey all:
I got pulled into a discussion thread on the Lotus repo discussions about wallet-signing safety and EVM/FVM/FEVM, and as promised here are the FRCs for clarity/ground-truth. Hope it helps!