Hey everyone, I’d love feedback on a new draft ERC-8176.
Summary
ERC-8176 defines an optional `integrity` field for ERC-7730 clear signing descriptor files. It allows trusted parties — wallet vendors, auditors, registry operators — to independently attest to a descriptor’s correctness using EIP-191 (EOA) or ERC-1271 (contract) signatures, keyed by CAIP-10 account identifiers.
Problem
ERC-7730 descriptors tell wallets how to display human-readable transaction details. These files may be sourced from registries, bundled by wallet vendors, or fetched from third-party APIs. Regardless of distribution method, there is currently no mechanism to verify **who reviewed and approved** a given descriptor. A wallet receiving a descriptor has no way to distinguish a carefully audited file from one that was tampered with or never properly reviewed. A subtly misleading descriptor — e.g., one that hides a token approval amount — could trick end users while appearing technically valid.
Existing protections fall short:
- ERC-7730 context binding validates contract targeting but not display correctness
- HTTPS protects transport, not content authenticity
- Git signatures don’t survive once files are served via API or downloaded standalone
Approach
The `integrity` field is a JSON map where each key is a CAIP-10 account ID and each value contains a `signerType` (`“EOA”` or `“contract”`) and a `signature`. The signed message covers a Keccak-256 hash of the RFC 8785 (JCS) canonicalized descriptor content, excluding the `integrity` field itself.
Multi-Signer Model
Multiple parties can sign the same descriptor independently without affecting each other’s signatures. Adding a new signer doesn’t invalidate existing ones since the `integrity` field is excluded from hash computation. Each signature is verified independently — one failure doesn’t affect others.
Trust policy (which signers to accept, how many to require) is deliberately left to individual wallets.
Looking forward to your thoughts and feedback.