Update xip-46-multi-wallet-identity.md (#73)
Clarify role of recovery address, and permissions of installation keys
neekolas authored Dec 2, 2024
1 parent c32743e commit 6d1e609
Showing 1 changed file with 7 additions and 1 deletion.
8 changes: 7 additions & 1 deletion XIPs/xip-46-multi-wallet-identity.md
Expand Up @@ -59,7 +59,7 @@ The user may perform identity updates, such as adding or removing wallets and in
| Addressable for incoming messages | Yes | No | No |
| Can be used to authenticate on new apps | Yes | No | No |
| Used by the app to sign messages | No | Yes | No |
| Can add more associated addresses | Yes | No | Yes |
| Can add more associated addresses | Yes | Yes | Yes |
| Can add more installation keys | Yes | No | Yes |
| Can revoke other associated addresses and installation keys | No | No | Yes |
| Can revoke self | No | No | No |
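Review bot: The changed row "Can add more associated addresses" now reads Yes in the second column, while the next row, "Can add more installation keys", still reads No for that same column, and nothing in the visible text explains the asymmetry. The second column is the one marked Yes for "Used by the app to sign messages", so this change lets that key type add members that are addressable for incoming messages and can authenticate on new apps. That widens what a single compromised key of that type can do. Suggest adding a sentence next to the table that states why adding associated addresses is allowed here while adding installation keys is not, and that notes only the third column can revoke what was added.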
Expand All @@ -77,6 +77,12 @@ The member list of an inbox is expected to have the following properties:
2. There is a way to recover control over the inbox if any member other than the recovery address is compromised.
3. Any client can verify that (1) is true, and all clients should see the same member list.

### Role of the recovery address

The recovery address is the only address that is allowed to revoke installations or wallets. Changing the recovery address does not require a signature from the new recovery address, allowing users to delegate recovery to a third party if desired. Recovery addresses are not used for reverse resolution (address -> inbox), so changing the recovery address of an inbox to an address that you do not control does not allow the user to impersonate any other address.

Applications building a revocation flow are encouraged to show the list of addresses and installations in a hierarchical form, and allow the user to choose to recursively revoke members that were added by the installation targeted for revocation. This protects against cases where a compromised installation or account may have added additional compromised members. This recursive revocation is not required by the protocol, with the exception of installations added directly by a revoked wallet, allowing users choice in how broadly they would like to revoke access.

### Identity updates

#### Identity actions
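Review bot: The sentence "Changing the recovery address does not require a signature from the new recovery address" does not say whose signature is required for the change, and the delegation argument depends on that; state the required signer explicitly. In the same paragraph, "an address that you do not control does not allow the user to impersonate any other address" switches between "you" and "the user"; use one. In the second added paragraph, "with the exception of installations added directly by a revoked wallet" is ambiguous about whether the protocol itself revokes those installations or clients are required to do it, and the preceding sentence speaks of members added by an installation while the exception covers members added by a wallet. Suggest spelling out the exact rule so that all clients end up with the same member list after a revocation.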