Skip to content

Update ERC-7730: add optional integrity field amendment #1278

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Update ERC-7730: add optional integrity field amendment #1278

wants to merge 2 commits into from

Conversation

@llbartekll
Copy link
Contributor

@llbartekll llbartekll commented Oct 18, 2025

Summary

  • introduce an optional top-level integrity object that lets wallets and tooling detect descriptor tampering without changing how descriptors are interpreted
  • document canonicalization (RFC 8785), message construction, signature validation for EIP-191/1271 with CAIP-10 signer IDs, JSON schema expectations, and explicit verifier UX handling

@eip-review-bot
Copy link
Collaborator

eip-review-bot commented Oct 18, 2025
edited
Loading

File ERCS/erc-7730.md

Requires 1 more reviewers from @arein, @arikg, @lcastillo-ledger, @paoun-ledger

@eip-review-bot eip-review-bot changed the title feat: add optional integrity field amendment Update ERC-7730: add optional integrity field amendment Oct 18, 2025
@github-actions
Copy link

github-actions bot commented Oct 18, 2025

The commit 49b8320 (as a parent of 3f759c9) contains errors.
Please inspect the Run Summary for details.

@github-actions github-actions bot added the w-ci label Oct 18, 2025
@github-actions github-actions bot removed the w-ci label Oct 19, 2025
@arein
Copy link
Contributor

arein commented Oct 19, 2025

It's unclear to me "who" is the correct signer here. Once if've verified the signature to an address - how can I determine that this is the correct author?

My gut feeling tells me this should be out of scope for the initial ERC-7730

@llbartekll
Copy link
Contributor Author

llbartekll commented Oct 19, 2025

It's unclear to me "who" is the correct signer here. Once if've verified the signature to an address - how can I determine that this is the correct author?

My gut feeling tells me this should be out of scope for the initial ERC-7730

Signature verification proves key control, not who you should trust.
Determining the “correct author” is a trust and distribution problem and should be out of scope.

@lcastillo-ledger
Copy link
Contributor

lcastillo-ledger commented Nov 3, 2025

An alternative to defining the signature scheme in the ERC 7730 is to define the verifiable credential structure that can carry the integrity data. They have a type specifically dedicate for this (DocumentIntegrityCredential) and that way we can re-use the signature formats, signer identifier (DID spec) and verifier tooling.

@llbartekll
Copy link
Contributor Author

llbartekll commented Nov 4, 2025

An alternative to defining the signature scheme in the ERC 7730 is to define the verifiable credential structure that can carry the integrity data. They have a type specifically dedicate for this (DocumentIntegrityCredential) and that way we can re-use the signature formats, signer identifier (DID spec) and verifier tooling.

@lcastillo-ledger VCs/DIDs are useful, but I’d rather not add that stack to 7730. It increases complexity (resolvers, cryptosuites, verifier plumbing) for what should be a lightweight “is this descriptor intact and who signed it?” check. I would keep it minimal.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@eip-review-bot eip-review-bot Awaiting requested review from eip-review-bot eip-review-bot is a code owner

At least 0 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

a-review c-update s-draft t-erc

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@llbartekll @eip-review-bot @arein @lcastillo-ledger