From b6ae40082cc7a1c9cd0be899affacc38f70e438e Mon Sep 17 00:00:00 2001 From: Ryan Williams Date: Wed, 8 May 2024 09:57:50 +0100 Subject: [PATCH 1/3] init wallet best practices draft --- cip-wallet-best-practices/README.md | 97 +++++++++++++++++++++++++++++ 1 file changed, 97 insertions(+) create mode 100644 cip-wallet-best-practices/README.md diff --git a/cip-wallet-best-practices/README.md b/cip-wallet-best-practices/README.md new file mode 100644 index 000000000..302703675 --- /dev/null +++ b/cip-wallet-best-practices/README.md 
@@ -0,0 +1,97 @@ +--- +CIP: ? +Title: Wallet best practices +Category: Wallets +Status: Proposed +Authors: + - Ryan Williams +Implementors: [] +Discussions: + - https://github.com/cardano-foundation/CIPs/pull/? +Created: 2024-05-08 +License: CC-BY-4.0 +--- + +## Abstract + +Cardano boasts a wide and competitive wallet ecosystem. +Diversity brings advantages, but can lead to disperse functionalities. + +Here we describe a common set of best practices for wallet implementors, in aims to improve security and user experience across the ecosystem. +Whilst these recommendations cannot be enforced, by documenting them we aim to bring awareness to them for wallets + +## Motivation: why is this CIP necessary? + + +This proposal intends to improve the security and user experience base lines for all wallets in the Cardano ecosystem. + +The stakeholders of this proposal are wallet users and wallet implementors. + +- Cardano wallets are quite different from a lot of other ecosystem wallets + +### Security + +- documenting best practices ensures that all wallet implementors can at least be aware, first step to conforming +- improve security baselines, no excuses +- may help users choose *safer* wallets + +### Inconsistent user experience + +- inherently complex things, derivation/addresses are hard to explain +- lead to a worse experience causing people to leave the ecosystem +- can lead to confusion for users across wallets, could lead to mistakes + +## Specification + +### Derivation/ Addresses + +- single address wallets should be aware that other wallets are multi-address +- be aware of relevant standards + +### Secrets + +- encrypted using user's passphrase +- decrypted secrets are in-memory for the least possible amount of time +- any references to secret objects should be overwritten with byte arrays with 0s +- user must always be asked to be able to decrypt secret key +- encrypted, as much as possible +- only decrypted for signing and derivation operations + +### 
Transactions + +- inform of all assets being moved within a transaction +- strong warnings when wallet cannot verify the inputs to a transaction +- signing certificates with the wrong type of keys + +### Meta + +- open source +- should attempt to conform to standards/ formally describe +- password protected + +### Staking + +### dApp Connector + +### Governance + +## Rationale: how does this CIP achieve its goals? + +A lot of these are already followed, but it is nice to have a formal list, for people to check against. + +## Path to Active + +### Acceptance Criteria + +- [ ] +- [ ] +- [ ] + +### Implementation Plan + +- [ ] Present this proposal to the Wallets Working Group +- [ ] Seek input from at least five wallet implementors + +## Copyright + +This CIP is licensed under [CC-BY-4.0](https://creativecommons.org/licenses/by/4.0/legalcode). From 2a0b5343106e935be63a19df75725830cf83c43a Mon Sep 17 00:00:00 2001 From: Ryan <44342099+Ryun1@users.noreply.github.com> Date: Thu, 16 May 2024 09:51:52 +0100 Subject: [PATCH 2/3] Update cip-wallet-best-practices/README.md --- cip-wallet-best-practices/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cip-wallet-best-practices/README.md b/cip-wallet-best-practices/README.md index 302703675..d000b4ae3 100644 --- a/cip-wallet-best-practices/README.md +++ b/cip-wallet-best-practices/README.md @@ -7,7 +7,7 @@ Authors: - Ryan Williams Implementors: [] Discussions: - - https://github.com/cardano-foundation/CIPs/pull/? + - https://github.com/cardano-foundation/CIPs/pull/815 Created: 2024-05-08 License: CC-BY-4.0 --- From 87834b95068e3258d2a4bc1e9e83dcbfca78b33a Mon Sep 17 00:00:00 2001 From: Ryan Williams Date: Thu, 16 May 2024 13:58:37 +0100 Subject: [PATCH 3/3] small tidy --- cip-wallet-best-practices/README.md | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) 
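Review bot: in the `### Secrets` list of the new README, the zeroing rule ("any references to secret objects should be overwritten with byte arrays with 0s") and the prompt rule ("user must always be asked to be able to decrypt secret key") are too loose to implement consistently. The first should say that every buffer holding decrypted key material is overwritten with zeros before it is released, with the caveat that this is only reliable for mutable byte arrays (immutable strings and copies made by a garbage collector cannot be scrubbed, so decrypted material should never be placed in them). The second should say whether the passphrase is required for every operation or may be cached for a session, because "only decrypted for signing and derivation operations" and "encrypted, as much as possible" both leave that open. The `### Transactions` item "signing certificates with the wrong type of keys" has no verb; state the expected behaviour, e.g. "refuse, or at least warn, when asked to sign a certificate with a key of the wrong type". The `### Staking`, `### dApp Connector` and `### Governance` headings and the three `- [ ]` acceptance criteria are empty; either fill them in or leave the headings out until there is content, so the draft does not read as complete.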
diff --git a/cip-wallet-best-practices/README.md b/cip-wallet-best-practices/README.md index d000b4ae3..8d522e107 100644 --- a/cip-wallet-best-practices/README.md +++ b/cip-wallet-best-practices/README.md @@ -15,20 +15,20 @@ License: CC-BY-4.0 ## Abstract Cardano boasts a wide and competitive wallet ecosystem. -Diversity brings advantages, but can lead to disperse functionalities. +Diversity brings advantages but can also lead to disperse functionalities. -Here we describe a common set of best practices for wallet implementors, in aims to improve security and user experience across the ecosystem. -Whilst these recommendations cannot be enforced, by documenting them we aim to bring awareness to them for wallets +Here we describe a common set of best practices for wallet implementors that aim to improve wallet security and user experience across the ecosystem. +While these recommendations cannot be enforced, by documenting them, we aim to bring awareness to them for all stakeholders. ## Motivation: why is this CIP necessary? - + +The Cardano ecosystem enjoys a wide range of wallets, this is great for users, affording them a range of options. +Although this can bring challenges, ecosystem level standardization can be difficult. This proposal intends to improve the security and user experience base lines for all wallets in the Cardano ecosystem. The stakeholders of this proposal are wallet users and wallet implementors. -- Cardano wallets are quite different from a lot of other ecosystem wallets - ### Security - documenting best practices ensures that all wallet implementors can at least be aware, first step to conforming 
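Review bot: the new Motivation sentence "Although this can bring challenges, ecosystem level standardization can be difficult." leaves the "Although" dangling, since the clause it should contrast with is in the previous sentence; join them, e.g. "Although this is great for users, affording them a range of options, it also brings challenges: ecosystem-level standardization is difficult." The retained "disperse functionalities" in the Abstract is not the intended word; "disparate" or "divergent functionality" reads correctly. The removed bullet "- Cardano wallets are quite different from a lot of other ecosystem wallets" was the only line in Motivation that says why Cardano needs its own wallet guidance (the derivation and multi-address points appear later under Specification); consider keeping that point as a sentence in Motivation rather than dropping it.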
@@ -43,6 +43,13 @@ The stakeholders of this proposal are wallet users and wallet implementors. ## Specification +### Meta + +- open source +- should attempt to conform to standards/ formally describe +- passcode protected +- should allow users to do what they want, but can warn of dangerous situations + ### Derivation/ Addresses - single address wallets should be aware that other wallets are multi-address @@ -62,15 +69,11 @@ The stakeholders of this proposal are wallet users and wallet implementors. - inform of all assets being moved within a transaction - strong warnings when wallet cannot verify the inputs to a transaction - signing certificates with the wrong type of keys - -### Meta - -- open source -- should attempt to conform to standards/ formally describe -- password protected ### Staking +- should allow delegation to all + ### dApp Connector ### Governance
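Review bot: the relocated `### Meta` list (hunk `@@ -43,6 +43,13 @@`) changes "password protected" to "passcode protected", while the unchanged `### Secrets` section of the same file still says "encrypted using user's passphrase"; pick one term, and since the Secrets rule concerns the value that encrypts stored key material, "passphrase" is the safer choice (a short numeric passcode that unlocks the UI and the passphrase that derives an encryption key are different things and should not be conflated). The new item "should allow users to do what they want, but can warn of dangerous situations" also weakens the "strong warnings when wallet cannot verify the inputs to a transaction" requirement under `### Transactions`; make it "must warn" so the two do not contradict each other, and say what "dangerous situations" covers.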
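Review bot: the new `### Staking` item "should allow delegation to all" (hunk `@@ -62,15 +69,11 @@`) does not say what "all" refers to; if the intent is that a wallet must not restrict users to a curated subset of pools, say so explicitly, e.g. "should allow delegation to any registered stake pool, not only a wallet-selected list". With the `### Meta` block moved out, `### dApp Connector` and `### Governance` are still empty after this tidy, so the same choice applies there: add content or drop the headings for now.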