[Wallet Attestation - Dynamic Component View ] Process #258
Comments
|
the trust chain is fastly renewed to check against any revocation of its subject the trust chain is resolved under a well known trust anchor, that defines if the subject can play the role of wallet provider wallet provider's public key may rotate, therefore I'm againts any hard-coded cryptographic binding within the application'd code. the Trust List as reinforcment makes sense, since it is inline with the eIDAS trust architecture, at the same time the trust list may contain the trust anchors or the wallet providers. at the same time a bogus wallet provider, listed in the trusted list as well, may became an adversary. For this reason some security/implementation consideration should be developed along this issue. there may be cases where a wallet instance knows how to interact with its wallet provider. We need to explain and make this clear to the implementers |
|
Wallet Providers though their Trust Chain Root Authorities are anchored in Trust Lists managed by appointed Supervisory Bodies or by delegated authorities. This ensures the integrity and authenticity of wallet solutions are rigorously maintained. These layers of security and oversight create a trusted environment, allowing users to rely on the legitimacy and safety of their Wallet Instances. Consequently, this robust framework significantly mitigates the risk of fraudulent redirections, safeguarding users' transactions and data. |
|
@cmarco0 has correctly pointed out how a trust chain cannot be faked. |
This flow could be prone to 'man-in-the-middle' attacks at 'Message 2' Link
Indeed we need to guarantee that a malicious actor cannot redirect Trust Chain verification to a fake chain.
To avoid this an option Wallet Instance could include Wallet Provider's Public Key (Instance will need to be updated in case of key changes in this case), other option would be that Wallet Provider or its Trust Chain Anchor need to be 'anchored' in a Trust List/Registry managed by the Supervisory Body where its Public Key is available.
From Wallet Provider's side, to avoid that third parties could request a Wallet Attestation (therefore the attestation would come not from the Wallet Instance but from a malicious actor), there should be a method to securely identify a real Wallet Instance (for example there could be an instance identifier encrypted with a dedicated WP Private Key).
The text was updated successfully, but these errors were encountered: