Infinity Wallet - A unique native desktop Wallet & Web3 Browser - Milestone 1
Dear Dotsama community,
The proposal
The proposal covers the integration of Polkadot, Kusama and their ecosystems into the Infinity Wallet all-in-one gateway, for a complete and user-friendly way to access the decentralized world and Web3. Along with the value add, benefits and what would be required to complete the developments and integration of Polkadot and Kusama ecosystems within the Infinity Wallet, as a native supported chain that we look to provide ongoing support and developments for, as well as collaborate with the Polkadot & Kusama ecosystems, driving ongoing value and adoption.
The deliverables have been split into 3 milestone referendum proposals ("current referendum for milestone 1"), with the focus of the combined proposal the integration, development & adoption of Polkadot, Kusama and their ecosystems within the Infinity Wallet.
Budget for milestone 1
Milestone 1 Total amount: 9,924 DOT (~$69,000 at time of proposal);
Please review the full proposal for a more detailed description, along with all deliverables & the cost breakdown for Milestone 1: https://docs.google.com/document/d/15XShwMFoT8oSK9U04JnlXYL4zk95dHJ9jMZGRW7Ynl8/edit?usp=sharing
All the best,
Infinity Wallet
Comments (3)
Requested
Proposal Passed
Summary
0%
Aye
0%
Nay
Aye (43)0.0 DOT
Support0.0 DOT
Nay (41)0.0 DOT
Appreciating your engagement with community feedback and the transition to a milestone-based proposal structure reflects a positive step towards aligning with Polkadot governance expectations. This structure promotes transparency and accountability, crucial for fostering community trust.
Despite the benefits of EV certificates in enhancing trust through Microsoft's SmartScreen, they do not authenticate the source code or ensure the security of the build process itself. The current practice of publishing SHA-512 hashes without corresponding PGP signatures represents a significant security gap. These hashes, while useful for verifying download integrity, offer no assurance regarding the origin or the absence of tampering before publication. This is compounded by the fact that the binaries themselves are not signed with PGP keys, further diluting the trust model.
For a more robust and transparent release workflow, we urge you to consider the practices where binaries are not only built but also signed as part of their release workflow (e.g., genpeerid build workflow). This approach significantly enhances trust in the binaries by ensuring they are directly traceable to their source, authenticated, and have not been tampered with post-build.
Given the strong interest from stakeholders in seeing Infinity Wallet support the ecosystem, we are inclined to adjust our position in favor of your proposal. Nonetheless, this support is contingent upon your willingness to incorporate external audits for each release. While the current proposal may not need to detail the budgeting specifics for these audits, it is essential that Infinity Wallet acknowledges and accepts the necessity of such audits. Our community can assist in identifying qualified members/team to conduct these audits and produce public reports, enhancing the overall security posture and confidence in the Infinity Wallet as a critical infrastructure component within the Polkadot ecosystem.
In conclusion, to shift our vote to support, we require at least a clear commitment from the Infinity Wallet team improve binary signing CI, began to publish changelogs for releases and engage in the previously proposed auditing process. This stance is an exception to our usual voting habits, particularly given our reservations towards endorsing proposals for closed-source projects in highly sensitive areas such as wallets.
@ROTKO.NET
Been lurking in governance and came across your comment and thought it quite strange what you are saying. Especially since EV code signing is one of the most well adopted and best ways for developers to sign & distribute applications 'mostly on desktop' securely and transparently. Also PGP signatures makes no sense when EV code signing, EV is one of the more superior signing methods in security, validation and authenticity in which the signer can also be authenticated as part of the signed binary its self with little effort, what PGP does make sense for is less authentic and secure signing methods (eg. self generated certificates or even OV certificates).
Overall what you are saying is not really relative for apps when using an EV certificate, EV is used for production enterprise applications around the world to ensure the highest security and authenticity with no need for PGP. Your comments are more valid however for apps using a self generated or OV certificate as PGP in such case would be recommended. Generally projects without an EV cert would be apps unable to get due to the high requirements, apps team negligence, apps not really focused on consumers and easier adoption or open source dev focused tools.
I also done a little research on Infinity Wallet and found it is following a high standard as I would expect for any wallet that takes security serious, from EV code signing, flow and sharing of hashes, but other wallets in our ecosystem are not:
Nova Wallet - couldn't find any way to validate their releases or hashes;
Nova Spektr - was able to find out they use a self generated certificate and no PGP (terrible security, no transparency or way to easily authenticate releases), at least at minimum they share their sha256 hash. But because they are using a self generated unsecured way of signing then everyone that downloads their app will get a warning that the app is suspicious and possibly not authentic;
Talisman - couldn't find any repo for their releases so no way to validate;
TeleNova - couldn't find any repo for their releases so no way to validate;
SubWallet - couldn't find any way to validate their releases or hashes;
ROTKO.NET your comment opened my eyes to look into the existing wallets and its worrying to see the wallet ecosystem we have in Polkadot, we seem to have wallets not even meeting the minimum standards let alone high standards other wallets are following.
One of the best proposals with substantial value add we have ever had from a wallet