Pillar 2: Security - Wallet Selection #43

Open
tlodderstedt opened this issue Aug 28, 2024 · 1 comment

@tlodderstedt

I'm not sure what the security objective of this section is. I guess it is about the authenticity and trustworthiness of the wallet?

If so, I would suggest spelling that out and also describing how the measures described contribute to that objective, as well as which party in an ecosystem should apply those measures.

In general, this section would benefit from a more comprehensive description. For example, I'm not sure what is meant by "Secure connections and end-point management".

I'm also not sure what role brute force attacks play in the context of this security objective. I guess this is more related to an adversary trying to break the user authentication of a wallet in order to steal data and/or impersonate the holder (?).

I would also argue "Man-in-the-Middle Attacks" deserve a dedicated section. I would assume those kinds of attacks will be handled on the protocol level.

@andy-tobin

Above noted, thanks. Likely this will need to go into a 2nd version of the paper as it could be quite comprehensive if, for example, a dedicated section is created for MITM attacks. Also noting that this is designed to be a high-level paper that is digestible by non-experts, therefore we don't want to go too deep.

The SIG call attendees note that MITM attacks won't just be at the protocol level.
