FIPs icon indicating copy to clipboard operation
FIPs copied to clipboard
verified publisher icon filecoin-project

Two New FRCs: Wallet-Signing User Stories and EIP-191-equivalent-and-extension (references the user stories)

Open bumblefudge opened this issue 10 months ago • 12 comments

Hey all:

I got pulled into a discussion thread on the Lotus repo discussions about wallet-signing safety and EVM/FVM/FEVM, and as promised here are the FRCs for clarity/ground-truth. Hope it helps!

bumblefudge avatar Feb 17 '25 15:02 bumblefudge

I'm not sure whether people would want this in scope for the User Stories FRC, but riba just pointed out that non-interactive authN based on signatures over arbitrary payloads is ALSO happening in various places via API and HTTP headers:

  • "client": https://github.com/ribasushi/bash-fil-spid-v0/blob/master/fil-spid.bash#L13-L32
  • "server": https://github.com/storacha/spade/blob/master/webapi/auth.go#L67-L235

If people would like this included for future reference/upgrade/documentational clarity, I'd be glad to add a section?

bumblefudge avatar Feb 17 '25 18:02 bumblefudge

:+1: I assume from @hugomrdias' name on this that it's a collective summation of the agreement you've reached on this topic? Seems fine to me sans some minor nits in there. There's some sections left blank at the bottom but I'm not sure there's much to say on those topics.

Let's assign this one the number 0102 - update the FIP doc with this and stick an entry in the README pointing to it and we'll work on getting it merged.

rvagg avatar Feb 18 '25 00:02 rvagg

Eh, I somehow missed that there are two files in here and only noticed after I saw the title again with "Two"!

I'm not sure what to do with the second file, it seems to me to either be part of the main FRC or moved into the resources/ directory where it can be free-form, but it doesn't look like an FRC.

rvagg avatar Feb 18 '25 03:02 rvagg

Oh, sorry, I had the user stories as a separate FRC file because some industrious future worker-bee might want to add a new FRC to address the EIP-712-equivalent use-case, or any other future signing-UX FRCs might just want to refer to or extend the Use-Cases as a free-standing doc. Is this the first "informational FRC" that provides context but no interfaces for wallets? @hugomrdias do you have strong feelings either way? I can just incorporate it into the main text of FRC-0102 or as a /resources/user-stories.md type exhibit, whatever you think makes more sense.

bumblefudge avatar Feb 18 '25 12:02 bumblefudge

Oh, sorry, I had the user stories as a separate FRC file because some industrious future worker-bee might want to add a new FRC to address the EIP-712-equivalent use-case, or any other future signing-UX FRCs might just want to refer to or extend the Use-Cases as a free-standing doc. Is this the first "informational FRC" that provides context but no interfaces for wallets? @hugomrdias do you have strong feelings either way? I can just incorporate it into the main text of FRC-0102 or as a /resources/user-stories.md type exhibit, whatever you think makes more sense.

/resources/user-stories.md or any other place outside the main FRC

hugomrdias avatar Feb 21 '25 18:02 hugomrdias

i will start writing code and tests for this in iso-filecoin

@rvagg im going to add support for chainId in the prefix to start with.

issue: https://github.com/hugomrdias/filecoin/issues/212

hugomrdias avatar Mar 06 '25 10:03 hugomrdias

@rvagg - What else is needed here or what are the next steps in the FRC process to get this over the finish line?

Hugo has started implementation in JS.

eshon avatar Mar 19 '25 14:03 eshon

@eshon with me and @rvagg I think we can get this over the line soon!

dannyob avatar Mar 19 '25 23:03 dannyob

Content is pretty much good to go, @bumblefudge are you able to address the few items in here? Note particularly the lack of a need for a template in the appendix, format it as you want and remove the bits that don't help what you're trying to achieve.

Sorry for being slow on this one, my head has been elsewhere.

rvagg avatar Apr 01 '25 05:04 rvagg

Still needs an entry in the README.md too btw.

rvagg avatar Apr 02 '25 06:04 rvagg

Should be ready to go now? thanks y'all

bumblefudge avatar Apr 02 '25 13:04 bumblefudge

good, aside from the undeleted resource/fip-0102/user-stories and the bad merge line in README (duplicate of 0098 with the old status)

rvagg avatar Apr 02 '25 23:04 rvagg

@bumblefudge you just have to ~identical files now, resources/fip-0102/user-stories.md and resources/frc-0102/user-stories.md. I think you just want to git rm resources/fip-0102/user-stories.md

rvagg avatar Apr 07 '25 03:04 rvagg

well color me mortified. the vestige should be deleted now. this is why "allow repo admins to commit directly to this PR" should be checked by default!

bumblefudge avatar Apr 07 '25 06:04 bumblefudge

What are the next action items now that this has been merged?

  • Adding this to Lotus CLI
  • Adding this to Filecoin Ledger App interface
  • Adding this to iso-filecoin and
  • Adding this to Filecoin Docs and making the Devrels aware of it

eshon avatar Apr 25 '25 16:04 eshon