Internet-Draft Abbreviated Title November 2024
Chin Expires 13 May 2025 [Page]
Workgroup:
Internet Engineering Task Force
Internet-Draft:
draft-chins-dnsop-web3-wallet-mapping-01
Published:
Intended Status:
Standards Track
Expires:
Author:
SC. Chin, Ed.
D3 Global Inc

DNS to Web3 Wallet Mapping

Abstract

This document proposes a implementation standard for mapping wallets to domain names using the new WALLET RRType, while allowing for TXT record fallback. The goal is to provide a secure and scalable way to associate wallets with domain names, enabling seamless lookup as well as suggesting required authentication mechanism. The proposal relies on DNSSEC or security successors to ensure trust and security. We also will propose a mechanism for mapping a wallet back to a domain name.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on 13 May 2025.

Table of Contents

1. Introduction

There is fragmentation in the mapping of Web3 Wallets to Domain Names [RFC1034] and there is very little done with reverse lookup. This document is putting forth a implementation standard to map Web3 Wallet addresses to Domain Names and investigates the associated security and technical concerns.

As the use of digital wallets and online services grows, the need for a standardized way to lookup wallet addresses in an human readable format becomes increasingly important. This proposal aims to provide a solution that is easy to implement, scalable, standardized and secure.

The proposed Notational Implementation involves using the DNS WALLET RRtype [WALLET-IANA-RRTYPE] to map a domain name on the Global DNS system to wallet address information. The WALLET record will contain a object that maps the wallet address to the registered coin type token [SLIP-0044]. It will also handles multiple wallet addresses and chain, defaults and defines a heirarchy to deterministicly be able to find the appropriate wallet address. It is assumed that the record will be part of a DNSSEC [RFC4033] [RFC9364] signed zonefile, or its security successors, and that users of this service will verify the signatures to ensure that the record has been returned without alteration in flight. This implementation proposal is evolutionary to the the description in [WALLET-IANA-RRTYPE] because it defines standards for coin names, defaults, and conditions for rejection, in order to have consistant usages.

We also propose a fallback TXT record "_w3addr" which will be a backup for the WALLET RRtype and CAN duplicate the WALLET RRtype entries.

On reverse mapping, we propose that we allow a singular coin type/address be mapped to a domain name in Global DNS. This will also be protected by DNSSEC or its security successors. We encourage users to use a more centralized registry for this.

1.1. Requirements Language

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

2. Terminology

This document will refer to Domain Name terminology [RFC9499].

3. Domain to Wallet Mapping

3.1. Record Format

The WALLET or TXT record SHALL have the following format:


    @ IN WALLET "coin1:address1"
    @ IN TXT    "coin1:address1"
@
is the address
IN
is the class of the record
WALLET / TXT
is the type of the record
coin1:address1
is the value of the record, containing a comma-separated list of coin:address pairs

3.2. Grammar for the record in EBNF format 


   item = (coin_name | default) ":" address
   coin_name = (letter | digit | "_")
   address = (letter | digit)+
   letter = "A" | "B" | "C" | "D" | "E" | "F" | "G"
          | "H" | "I" | "J" | "K" | "L" | "M" | "N"
          | "O" | "P" | "Q" | "R" | "S" | "T" | "U"
          | "V" | "W" | "X" | "Y" | "Z" | "a" | "b"
          | "c" | "d" | "e" | "f" | "g" | "h" | "i"
          | "j" | "k" | "l" | "m" | "n" | "o" | "p"
          | "q" | "r" | "s" | "t" | "u" | "v" | "w"
          | "x" | "y" | "z"
   digit = "0" | "1" | "2" | "3" | "4" | "5" | "6" | "7" | "8" | "9"
   default = "DEFAULT"
item
represents a coin_name-address pair
default
is the symbol representing the default match
coin_name
represents the Symbol of a Coin Type represented in [SLIP-0044]. This is not case sensitive.
address
represents the public wallet address associated with a coin (e.g., "0xabcdefg", "0x12345", etc.)

This grammar can be used to parse the input string and extract the chain identifier and addresses.

3.3. Example

Suppose a user wants to map their wallet with the public key 0x1234567890abcdef to the domain example.com using the registered coin type tokens BTC and ETH. The WALLET record would be:

      @ IN WALLET "BTC:0x1234567890abcd"
      @ IN WALLET "ETH:0x987654321098765"

3.4. TXT Record Example

Suppose a user wants to map their wallet with the public key 0x1234567890abcdef to the domain example.com using the registered coin type tokens BTC and ETH using a TXT record. The TXT record would be:

      _waddr IN TXT "BTC:0x1234567890abcd"
      _waddr IN TXT "ETH:0x987654321098765"

3.5. Default Support

To support multiple wallets and chains, the WALLET record SHALL allow for a solitary DEFAULT to be returned for the default chain name. For example:

      @ IN WALLET "DEFAULT:0x1234567890abcd"
      @ IN WALLET "ETH:0x987654321098765"

The wallet lookup will use a temporary database in the client implementation, which will store all the returned records and select the most specific record for a chain. The order will be exact match, then the DEFAULT record if an exact match is not available.

3.6. Multiple Records

To support multiple coins, multiple coin:address pairs will each be represented by a WALLET record. There is no guarantees on ordering the records so overlapping records MAY be ordered at the resolver's discretion. In the event of duplicate coin types it is RECOMMENDED that multiple records be returned deduplicated for identical addresses.

3.7. Implementation

Implementations of this RFC SHALL:

  1. Support the creation and retrieval of WALLET records for any given level of the DNS system.
  2. Validate the records as being properly signed by DNSSEC or its successors.
  3. Provide the wallet's address for a human readable domain name.

4. Wallet to Domain Reverse Mapping

4.1. Solution

A wallet owner has the OPTIONAL ability to setup a reverse lookup using DNS in a similar manner for IANA in-addr.arpa and ip6.arpa against a centralized service. Queriants will be able to query a CNAME record with wallet information, to get a DNS mapping. They have the OPTIONAL ability to query with a chain designation using the registered coin type defined in SLIP-0044.

Unless IANA decides to provide this service, this MAY be offered by outside parties.

The reverse lookup service provider MUST ensure that the WALLET mapping has been validated by the wallet owner through outside knowledge or cryptographic signing to demonstrate control of the wallet.

4.2. Limitations

As DNS is case insensitive, but some wallet addresses are case sensitive. Because of the vast namespace available in Web3 Addresses, it it is unlikely, but MAY result in a collision.

4.3. Reverse Wallet Mapping Example

There is currently no IANA support lookup path, but a user will be able to lookup from a reverse mapping provider until there is a centralized body.

It can be qualified as a chain designation


      0x1234567890abc.eth._wallet-reverse.example.com IN \
              CNAME test.example.com

or

Default


      0x1234567890abc._wallet-reverse.example.com IN \
              CNAME test.example.com

4.4. Multiple mappings

It is NOT SUPPORTED for a wallet / network pair to point to multiple domains. The CNAME RRtype record does not support returning multiple records.

4.5. Potential Application Implementation

  1. An implementation will take a signed message telling the reverse lookup service for the wallet to point to a domain. OPTIONAL with chain information.
  2. The implmentation SHALL validate the signed message.
  3. The implementation SHALL validate the domain to wallet mapping using the above Domain to Wallet Protocol.
  4. The implementation SHALL update the DNS record acting as a registry for Wallet to Domain mapping.
  5. OPTIONAL the implementation should validate the Domain to Wallet mapping on a periodic basis.

5. Security Considerations

To ensure the security of the mapping, the following measures will be taken:

  1. The WALLET RRtype record SHALL BE stored in a secure location, such as a DNSSEC-signed zone.
  2. The WALLET RRtype might not be available throughout entire end to end DNS infrastructure.
  3. The implementation SHALL validate the DNSSEC record or its IETF approved successors.
  4. The wallet record SHALL be protected from replay attacks via DNSSEC time invalidation (or approved successors).

If the source of the DNS zone is compromised, the wallet address mapping is compromised. It is imperative that this not occur for both DNS stability, as well as wallet mapping Notationaly using DNS.

6. IANA Considerations

This proposal allows for IANA supporting reverse mapping of wallet addresses to domains.

7. References

7.1. Normative References

[RFC1034]
Mockapetris, P., "Domain names - concepts and facilities", STD 13, RFC 1034, DOI 10.17487/RFC1034, , <https://www.rfc-editor.org/info/rfc1034>.
[RFC2119]
Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, , <https://www.rfc-editor.org/info/rfc2119>.
[RFC4033]
Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose, "DNS Security Introduction and Requirements", RFC 4033, DOI 10.17487/RFC4033, , <https://www.rfc-editor.org/info/rfc4033>.
[RFC8174]
Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, , <https://www.rfc-editor.org/info/rfc8174>.
[RFC9364]
Hoffman, P., "DNS Security Extensions (DNSSEC)", BCP 237, RFC 9364, DOI 10.17487/RFC9364, , <https://www.rfc-editor.org/info/rfc9364>.
[RFC9499]
Hoffman, P. and K. Fujiwara, "DNS Terminology", BCP 219, RFC 9499, DOI 10.17487/RFC9499, , <https://www.rfc-editor.org/info/rfc9499>.

7.2. Informational References

[SLIP-0044]
"Registered coin types for BIP-0044", <https://raw.githubusercontent.com/satoshilabs/slips/master/slip-0044.md>.
[WALLET-IANA-RRTYPE]
"Wallet Completed Template", 2024-06-24, <https://www.iana.org/assignments/dns-parameters/WALLET/wallet-completed-template>.

Appendix A. Appendix 1: Example code

Here is an example of how to create and retrieve a WALLET records using the domain name:

      import dns.resolver.wallet
      # Retrieve the WALLET record
      record = dns.resolveWallet("example.com", "BTC")

      print(record.value)  # Output: "0x1234567890abcdef"
      xs

Contributors

Thanks to all of the contributors for contributions to security and clarity.

Yevhenii Andrushchak
Kai Sung

Acknowledgements

Reviewed by:

Jothan Frakes

Author's Address

Shay Chin (editor)
D3 Global Inc