(Wallet) Connect EIP


#1

In the context of https://discuss.walletconnect.org/t/qr-code-data-format/14 - I am thinking about a (Wallet) Connect EIP and would love to gather some Ideas/Feedback.

The EIP will be based on 831.

As the ERC-831 prefix I would suggest “connect”

  • walletconnect is a bit too long imho - the longer the QR code gets the harder it gets to scan.
  • wc would also be an idea - but it has a bit of a shitty (:poop:) connotation :toilet: (maybe we ignore this as it is mostly seen by computers and not humans)
  • connect is a bit broader - and not as opinionated - could be used for other use-cases in the future also

to encode the shared key I would suggest using base64 - which is easy to parse and saves some bytes compared to the hex encoding (also for making the QR code easier to scan) We should be open to updates from symetric to asymetric here also. Especially when these URLs are not only used for QR-Codes but also for Intents (think connecting a native Android dapp to a Wallet on the same device)

So I would suggest the following URL format:

“ethereum” “:” “connect-” sessionID “@” version “?” parameters

as parameters (taken from the current state of the art):
dappName
bridgeURL
symKey

Feedback/Ideas welcome!


#2

Maybe “wc” prefix isn’t so bad since it will be mostly viewed by devices and not humans, saving a few characters for displaying the QR code

Also agree that base64 should be used instead of the current hex encoding for the shared key

Regarding symmetric and asymmetric keys, I still think that at least for mobile-to-desktop is best to keep it symmetric but maybe it isn’t secure enough for mobile-to-mobile. However we need to balance user experience with security because WalletConnect is first and foremost a UX improvement to current implementations

Perhaps we should also save a few characters on the parameter names:

  • dapp
  • bridge
  • key

#3

Sounds great! Totally happy with shortening to dapp and bridge. With key I lean to keeping symKey to be able to distinguish later on when asymetric keys might be used. Also thinking about it a bit more: why would asymetric crypto here lead to worse UX in this case? I think this could be done without the user even noticing here …


#4

As a follow-up from here: https://discuss.walletconnect.org/t/ideas-for-decentralizing-the-bridge-server/15/4 :

We really should care for changes in the transport layer. In the end I think PSS and/or whisper might an ideal fit here. When using these protocols IMHO we do not even need to add the keys to the URLs then as these protocols care for the encryption. Maybe we do not even need a session-id - but just generate an private per session and use the public key as the session-id.

kindly inviting @jarradhope as I know he is very interested in it: https://twitter.com/jarradhope/status/1021489103186092032

EDIT: this way we could also get really easy to scan QR-Codes:

Selection_097

this is the QR-code for:
ethereum:wc-0x381e247bef0ebc21b6611786c665dd5514dcc31f@2?name=tester&pss


#5

Idea - why don’t we use the very same scheme already today? So instead of the current sessionId we use the public key/address of the session’s private key. So the url would currently look like:

ethereum:wc-0x381e247bef0ebc21b6611786c665dd5514dcc31f@1?name=tester&bridge=bridge.mydapp.org

and as soon as PSS or whisper gets usable the URL just changes to:

ethereum:wc-0x381e247bef0ebc21b6611786c665dd5514dcc31f@2?name=tester&pss

or

ethereum:wc-0x381e247bef0ebc21b6611786c665dd5514dcc31f@2?name=tester&whisper


#6

Why not use checksummed addresses?

Should there be support for ENS-style addresses?

Also string@ patterns seems to be used for user information in URI examples I’ve already seen such as username/password or email name. I could see it being used to pass an account name or private key in a connect URI. Why not use something like &v=2 instead?


#7

Why not use checksummed addresses?

You mean ERC-55? QR codes already do error correction - not yet sure how it would help

Should there be support for ENS-style addresses?

why - these addresses would only live for the session - not sure why they should support ENS

Also string@ patterns seems to be used for user information in URI examples I’ve already seen such as username/password or email name. I could see it being used to pass an account name or private key in a connect URI. Why not use something like &v=2 instead?

I do not see the advantage yet - can you elaborate? I like @version as e.g. @2 is shorter than v=2 :wink: Also the version should always be there - the private key might not be.


#8

I’ve created an EIP for this

@ligi would love your review on it!


#9

@ligi I have created a PR for updating this EIP to match the changes we discussed on the WalletConnect forum

Still updating the technical specification on the WalletConnect documentation to describe all details of the new protocol version v1.0.0-beta

I will ping on this thread by the end of the day


#10

Here is the first draft of the WalletConnect v1.0.0-beta tech spec, still needs polishing but it should provide a clear enough picture