From 64c2644c411ee49eb945ef798af52551b157c5a7 Mon Sep 17 00:00:00 2001 From: Lauritz Leifermann Date: Fri, 26 Aug 2022 20:11:42 +0200 Subject: [PATCH 1/9] add Revocation List Registry to EIPS Signed-off-by: Lauritz Leifermann --- EIPS/eip-template.md | 235 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 235 insertions(+) create mode 100644 EIPS/eip-template.md diff --git a/EIPS/eip-template.md b/EIPS/eip-template.md new file mode 100644 index 00000000000000..2328784e3d6274 --- /dev/null +++ b/EIPS/eip-template.md @@ -0,0 +1,235 @@ +--- +eip: +title: Revocation List Registry +description: Registry of revocation lists for revoking arbitrary data. +author: Philipp Bolte (@strumswell), Lauritz Leifermann (@lleifermann), Dennis von der Bey (@DennisVonDerBey) +discussions-to: +status: Draft +type: Standards Track +category (*only required for Standards Track): ERC +created: 2022-08-26 +requires (*optional): EIP-712 +--- + +## Abstract +This EIP proposes a set of methods and standards for an RBAC-enabled registry of indicators aimed for usage in revocations. + +## Motivation +Revocation is a universally needed construct both in the traditional centralized and decentralized credential attestation. This EIP aims to provide an interface to standardize a decentralized approach to managing and resolving revocation states in a contract registry. + +The largest problem with traditional revocation lists is the centralized aspect of them. Most of the world's CRLs rely on HTTP servers as well as caching and are therefore vulnerable to known attack vectors in the traditional web space. This aspect severely weakens the underlying strong asymmetric key architecture in current PKI systems. + +In addition, issuers in existing CRL approaches are required to host an own instance of their public revocation list, as shared or centralized instances run the risk of misusage by the controlling entity. +This incentivizes issuers to shift this responsibility to a third party, imposing the risk of even more centralization of the ecosystem (see Cloudflare, AWS). +Ideally, issuers should be able to focus on their area of expertise, including ownership of their revocable material, instead of worrying about infrastructure. + +We see value in a future of the Internet where anyone can be an issuer of verifiable information. This proposal lays the groundwork for anyone to also own the lifecycle of this information to build trust in ecosystems. + +## Definitions +- `namespace`: A namespace is a representation of an Ethereum address inside the registry. The address of the namespace initially has owner rights to all revocation lists beneath it. +- `owner`: An Ethereum address that has modifying rights to many revocation lists. Initially, the owner of a revocation list corresponds to the address of the namespace. +- `delegate`: An Ethereum address that is allowed to change the revocation statuses in a revocation list of a foreign namespace. Access has to be granted by the current owner of the revocation list. + +## Specification +The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” in this document are to be interpreted as described in RFC 2119. + +This EIP specifies a contract called `EthereumRevocationRegistry` that is deployed once and may then be commonly used by everyone. By default, an Ethereum address **MAY** own and manage a multitude of revocation lists in a namespace that **MUST** contain the revocation states for a set of revocation keys. + +An owner of a namespace **MAY** allow delegates to manage one or more of its revocation lists. Delegates **MUST** be removable by the respective list's owner. In certain situations, an owner **MAY** also want to transfer a revocation list in a namespace and its management rights to a new owner. + +### Revocation management + +**isRevoked** +**MUST** implement a function that returns the revocation status of a particular revocation key in a namespace's revocation list. +```solidity +function isRevoked(address namespace, bytes32 list, bytes32 key) public view returns (bool); +``` + +**changeStatus** +**MUST** implement a function to change the revocation status of a particular revocation key in a namespace's revocation list +```solidity +function changeStatus(bool revoked, address namespace, bytes32 list, bytes32 key) public; +``` + +**changeStatusSigned** ([see meta transactions](#Meta-transactions)) +**OPTIONAL** implements a function to change the revocation status of a particular revocation key in a namespace's revocation list with a raw signature. +```solidity +function changeStatusSigned(bool revoked, address namespace, bytes32 list, bytes32 key, uint8 sigV, bytes32 sigR, bytes32 sigS) public; +``` + +**changeStatusDelegate** +**OPTIONAL** implements a function to change the revocation status of a particular revocation key in a namespace's revocation list with a raw signature. +```solidity +function changeStatusDelegate(bool revoked, address namespace, bytes32 list, bytes32 key) public; +``` + +**changeStatusDelegateSigned** ([see meta transactions](#Meta-transactions)) +**OPTIONAL** implements a function to change the revocation status of a particular revocation key in a namespace's revocation list with a raw signature. +```solidity +function changeStatusDelegateSigned(bool revoked, address namespace, bytes32 list, bytes32 key, uint8 sigV, bytes32 sigR, bytes32 sigS) public; +``` + +**batchChangeStatuses** +**OPTIONAL** implements a function to change multiple revocation statuses in different revocation lists and namespaces at once. +```solidity +function batchChangeStatuses(bool[] revokedStatuses, address[] namespaces, bytes32[] lists, bytes32[] keys) public; +``` + +**batchChangeStatusesSigned** ([see meta transactions](#Meta-transactions)) +**OPTIONAL** implements a function to change multiple revocation statuses in different revocation lists and namespaces at once with a raw signature. +```solidity +function batchChangeStatusesSigned(bool[] revokedStatuses, address[] namespaces, bytes32[] lists, bytes32[] keys, uint8 sigV, bytes32 sigR, bytes32 sigS) public; +``` + +**batchChangeListStatuses** +**OPTIONAL** implements a function to change multiple revocation statuses in a specific namespace's revocation list. +```solidity +function batchChangeListStatuses(bool[] revokedStatuses, address namespace, bytes32 list, bytes32[] keys) public; +``` + +**batchChangeListStatusesSigned** ([see meta transactions](#Meta-transactions)) +**OPTIONAL** implements a function to change multiple revocation statuses in a specific namespace's revocation list with a raw signature. +```solidity +function batchChangeListStatusesSigned(bool[] revokedStatuses, address namespace, bytes32 list, bytes32[] keys, uint8 sigV, bytes32 sigR, bytes32 sigS) public; +``` + +### Owner managment + +**changeListOwner** +**OPTIONAL** implement a function to change the owner of a revocation list in a namespace to a new address. +```solidity +function changeListOwner(address owner, address newOwner, bytes32 list) public; +``` + +**changeListOwnerSigned** ([see Meta transactions](#Meta-transactions)) +**OPTIONAL** implements a function to change the owner of a revocation list in a namespace to a new address. +```solidity +function changeListOwnerSigned(address owner, address newOwner, bytes32 list, uint8 sigV, bytes32 sigR, bytes32 sigS) public; +``` + +### Delegation management + +#### addListDelegate +**OPTIONAL** implements a function to add a delegate to an owner's revocation in a namespace list. +```solidity +function addListDelegate(address owner, address delegate, bytes32 list) public; +``` + +#### addListDelegateSigned ([see Meta transactions](#Meta-transactions)) +**OPTIONAL** implements a function to add a delegate to an owner's revocation list in a namespace with a raw signature. +```solidity +function addListDelegateSigned(address owner, address delegate, bytes32 list, uint8 sigV, bytes32 sigR, bytes32 sigS) public; +``` + +#### removeListDelegate +**OPTIONAL** implements a function to remove a delegate from an owner's revocation list in a namespace. +```solidity +function removeListDelegate(address owner, address delegate, bytes32 list) public; +``` + +#### removeListDelegateSigned ([see Meta transactions](#Meta-transactions)) +**OPTIONAL** implements a function to remove a delegate from an owner's revocation list in a namespace with a raw signature. +```solidity +function removeListDelegateSigned(address owner, address delegate, bytes32 list, uint8 sigV, bytes32 sigR, bytes32 sigS) public; +``` + +### Events + +**RevocationStatusChanged** +**MUST** be emitted when `changeStatus`, `changeStatusSigned`, `changeStatusDelegate`, or `changeStatusDelegateSigned` was successfully executed. + +```solidity +event RevocationStatusChanged( + address indexed namespace, + bytes32 indexed list, + bytes32 indexed key, + bool revoked +); +``` + +**RevocationStatusesChanged** +**MUST** be emitted when `batchChangeStatuses`, `batchChangeStatusesSigned`, `batchChangeListStatuses`, or `batchChangeListStatusesSigned` was successfully executed. + +```solidity +event RevocationStatusesChanged( + address[] indexed namespaces, + bytes32[] indexed lists, + bytes32[] indexed keys, + bool[] revoked +); +``` + +**ListOwnerChanged** +**MUST** be emitted when `changeListOwner` or `changeListOwnerSigned` was successfully executed. + +```solidity +event ListOwnerChanged( + address indexed namespace, + address indexed newOwner, + bytes32 indexed list +); +``` + +**DelegateAdded** +**MUST** be emitted when `addListDelegate` or `addListDelegateSigned` was successfully executed. + +```solidity +event ListDelegateAdded( + address indexed namespace, + address indexed delegate, + bytes32 indexed list +); +``` + +**DelegateRemoved** +**MUST** be emitted when `removeListDelegate` or `removeListDelegateSigned` was successfully executed. + +```solidity +event ListDelegateRemoved( + address indexed namespace, + address indexed delegate, + bytes32 indexed list +); +``` + +### Meta transactions + +This section uses the following terms: + +**`transaction signer`:** An Ethereum address that signs arbitrary data for the contract to execute **BUT** does not commit the transaction. +**`transaction sender`**: An Ethereum address that takes signed data from a **transaction signer** and commits it wrapped with its own signature to the smart contract. + +An address (**transaction signer**) **MAY** be able to deliver a signed payload off-band to another address (**transaction sender**) that initiates the Ethereum interaction with the smart contract. The signed payload **MUST** be limited to be used only once ([Signed Hash](#Signed-Hash) + [nonces](#Nonce)). + +#### Signed Hash + +The signature of the **transaction signer** **MUST** conform [EIP-712](/EIPS/eip-712), in its state that is proposed in [`ethereum/EIPs/issues/5475`](https://github.com/ethereum/EIPs/issues/5475). This helps users understand what the payload they're signing consists of & it improves the protection against replay attacks. + +#### Nonce + +This EIP **RECOMMENDS** the use of a **dedicated nonce mapping** for meta transactions. If the signature of the **transaction sender** and its meta contents are verified, the contract increases a nonce for this **transaction signer**. This effectively removes the possibility for any other sender to execute the same transaction again with another wallet. + +## Rationale + +### Why the concept of namespaces? +> This provides every Ethereum address a reserved space, without the need to actively claim it in the contract. Initially addresses only have owner access in their own namespace. + +### Why does a namespace always represent the initial owner address? +> The change of an owner of a list shouldn't break the link to a revocation key in it, as already existing off-chain data may depend on it. + +## Backwards Compatibility +Not applicable + +## Reference Implementation +tba + +## Security Considerations + +### Meta Transactions +The signature of signed transactions could potentially be replayed on different chains or deployed versions of the registry implementing this ERC. This security consideration is addressed by the usage of [EIP-712](/EIPS/eip-712 + +### Rights Management +The different roles and their inherent permissions are meant to prevent changes from unauthorized entities. The revocation list owner should always be in complete control over its revocation list and who has writing access to it. + +## Copyright +Copyright and related rights waived via [CC0](../LICENSE.md). From 0f60a57ad4288f62396547c26e20be57da720511 Mon Sep 17 00:00:00 2001 From: Lauritz Leifermann Date: Fri, 26 Aug 2022 20:25:11 +0200 Subject: [PATCH 2/9] fix category & move definitions section to specification Signed-off-by: Lauritz Leifermann --- EIPS/eip-template.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/EIPS/eip-template.md b/EIPS/eip-template.md index 2328784e3d6274..8ac2abc1966e90 100644 --- a/EIPS/eip-template.md +++ b/EIPS/eip-template.md @@ -6,7 +6,7 @@ author: Philipp Bolte (@strumswell), Lauritz Leifermann (@lleifermann), Dennis v discussions-to: status: Draft type: Standards Track -category (*only required for Standards Track): ERC +category: ERC created: 2022-08-26 requires (*optional): EIP-712 --- @@ -25,11 +25,6 @@ Ideally, issuers should be able to focus on their area of expertise, including o We see value in a future of the Internet where anyone can be an issuer of verifiable information. This proposal lays the groundwork for anyone to also own the lifecycle of this information to build trust in ecosystems. -## Definitions -- `namespace`: A namespace is a representation of an Ethereum address inside the registry. The address of the namespace initially has owner rights to all revocation lists beneath it. -- `owner`: An Ethereum address that has modifying rights to many revocation lists. Initially, the owner of a revocation list corresponds to the address of the namespace. -- `delegate`: An Ethereum address that is allowed to change the revocation statuses in a revocation list of a foreign namespace. Access has to be granted by the current owner of the revocation list. - ## Specification The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” in this document are to be interpreted as described in RFC 2119. @@ -37,6 +32,11 @@ This EIP specifies a contract called `EthereumRevocationRegistry` that is deploy An owner of a namespace **MAY** allow delegates to manage one or more of its revocation lists. Delegates **MUST** be removable by the respective list's owner. In certain situations, an owner **MAY** also want to transfer a revocation list in a namespace and its management rights to a new owner. +### Definitions +- `namespace`: A namespace is a representation of an Ethereum address inside the registry. The address of the namespace initially has owner rights to all revocation lists beneath it. +- `owner`: An Ethereum address that has modifying rights to many revocation lists. Initially, the owner of a revocation list corresponds to the address of the namespace. +- `delegate`: An Ethereum address that is allowed to change the revocation statuses in a revocation list of a foreign namespace. Access has to be granted by the current owner of the revocation list. + ### Revocation management **isRevoked** From fee25ff1d0d43a47aa82c4be09708fbc390d4eb9 Mon Sep 17 00:00:00 2001 From: Lauritz Leifermann Date: Fri, 26 Aug 2022 22:08:21 +0200 Subject: [PATCH 3/9] pull request review Signed-off-by: Lauritz Leifermann --- EIPS/{eip-template.md => eip-5539.md} | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) rename EIPS/{eip-template.md => eip-5539.md} (96%) diff --git a/EIPS/eip-template.md b/EIPS/eip-5539.md similarity index 96% rename from EIPS/eip-template.md rename to EIPS/eip-5539.md index 8ac2abc1966e90..1e805bedf36597 100644 --- a/EIPS/eip-template.md +++ b/EIPS/eip-5539.md @@ -1,5 +1,5 @@ --- -eip: +eip: 5539 title: Revocation List Registry description: Registry of revocation lists for revoking arbitrary data. author: Philipp Bolte (@strumswell), Lauritz Leifermann (@lleifermann), Dennis von der Bey (@DennisVonDerBey) @@ -8,7 +8,7 @@ status: Draft type: Standards Track category: ERC created: 2022-08-26 -requires (*optional): EIP-712 +requires: 712 --- ## Abstract @@ -93,7 +93,7 @@ function batchChangeListStatuses(bool[] revokedStatuses, address namespace, byte function batchChangeListStatusesSigned(bool[] revokedStatuses, address namespace, bytes32 list, bytes32[] keys, uint8 sigV, bytes32 sigR, bytes32 sigS) public; ``` -### Owner managment +### Owner management **changeListOwner** **OPTIONAL** implement a function to change the owner of a revocation list in a namespace to a new address. @@ -203,7 +203,7 @@ An address (**transaction signer**) **MAY** be able to deliver a signed payload #### Signed Hash -The signature of the **transaction signer** **MUST** conform [EIP-712](/EIPS/eip-712), in its state that is proposed in [`ethereum/EIPs/issues/5475`](https://github.com/ethereum/EIPs/issues/5475). This helps users understand what the payload they're signing consists of & it improves the protection against replay attacks. +The signature of the **transaction signer** **MUST** conform [EIP-712](./eip-712.md). This helps users understand what the payload they're signing consists of & it improves the protection against replay attacks. #### Nonce @@ -218,15 +218,12 @@ This EIP **RECOMMENDS** the use of a **dedicated nonce mapping** for meta transa > The change of an owner of a list shouldn't break the link to a revocation key in it, as already existing off-chain data may depend on it. ## Backwards Compatibility -Not applicable - -## Reference Implementation -tba +No backward compatibility issues were found. ## Security Considerations ### Meta Transactions -The signature of signed transactions could potentially be replayed on different chains or deployed versions of the registry implementing this ERC. This security consideration is addressed by the usage of [EIP-712](/EIPS/eip-712 +The signature of signed transactions could potentially be replayed on different chains or deployed versions of the registry implementing this ERC. This security consideration is addressed by the usage of [EIP-712](./eip-712.md) ### Rights Management The different roles and their inherent permissions are meant to prevent changes from unauthorized entities. The revocation list owner should always be in complete control over its revocation list and who has writing access to it. From 2ae8865adc7959171ae76e8452343924ff583b14 Mon Sep 17 00:00:00 2001 From: Dennis von der Bey Date: Mon, 29 Aug 2022 21:49:17 +0200 Subject: [PATCH 4/9] chore: add discussion link --- EIPS/eip-5539.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/EIPS/eip-5539.md b/EIPS/eip-5539.md index 1e805bedf36597..8503d60252ca67 100644 --- a/EIPS/eip-5539.md +++ b/EIPS/eip-5539.md @@ -3,7 +3,7 @@ eip: 5539 title: Revocation List Registry description: Registry of revocation lists for revoking arbitrary data. author: Philipp Bolte (@strumswell), Lauritz Leifermann (@lleifermann), Dennis von der Bey (@DennisVonDerBey) -discussions-to: +discussions-to: https://ethereum-magicians.org/t/eip-5539-revocation-list-registry/10573 status: Draft type: Standards Track category: ERC From e1cda055cd0073697b365fbd3f7d2f5123f4448a Mon Sep 17 00:00:00 2001 From: Philipp Bolte Date: Mon, 12 Sep 2022 14:46:21 +0200 Subject: [PATCH 5/9] chore: reflect newest changes to functions, events, and fix link issue --- EIPS/eip-5539.md | 166 ++++++++++++++++++++++++++++------------------- 1 file changed, 99 insertions(+), 67 deletions(-) diff --git a/EIPS/eip-5539.md b/EIPS/eip-5539.md index 8503d60252ca67..e81ffda540c13d 100644 --- a/EIPS/eip-5539.md +++ b/EIPS/eip-5539.md @@ -12,7 +12,7 @@ requires: 712 --- ## Abstract -This EIP proposes a set of methods and standards for an RBAC-enabled registry of indicators aimed for usage in revocations. +This EIP proposes a set of methods and standards for a role-based registry of indicators aimed for usage in revocations. ## Motivation Revocation is a universally needed construct both in the traditional centralized and decentralized credential attestation. This EIP aims to provide an interface to standardize a decentralized approach to managing and resolving revocation states in a contract registry. @@ -33,171 +33,203 @@ This EIP specifies a contract called `EthereumRevocationRegistry` that is deploy An owner of a namespace **MAY** allow delegates to manage one or more of its revocation lists. Delegates **MUST** be removable by the respective list's owner. In certain situations, an owner **MAY** also want to transfer a revocation list in a namespace and its management rights to a new owner. ### Definitions -- `namespace`: A namespace is a representation of an Ethereum address inside the registry. The address of the namespace initially has owner rights to all revocation lists beneath it. -- `owner`: An Ethereum address that has modifying rights to many revocation lists. Initially, the owner of a revocation list corresponds to the address of the namespace. -- `delegate`: An Ethereum address that is allowed to change the revocation statuses in a revocation list of a foreign namespace. Access has to be granted by the current owner of the revocation list. +- `namespace`: A namespace is a representation of an Ethereum address inside the registry that corresponds to its owners address. All revocation lists within a namespace are initially owned by the namespace's owner address. +- `revocation list`: A namespace can contain a number of revocation lists. Each revocation list is identified by a unique key of the type bytes32 that can be used to address it in combination with the namespace address. +- `revocation key`: A revocation list can contain a number of revocation keys of the type bytes32. In combination with the namespace address and the revocation list key, it resolves to a boolean value that indicates whether the revocation key is revoked or not. +- `owner`: An Ethereum address that has modifying rights to revocation lists within its own and possibly foreign namespaces. An owner can give up modifying rights of revocation lists within its namespace by transferring ownership to another address. +- `delegate`: An Ethereum address that received temporary access to a revocation list in a namespace. It has to be granted by the current owner of the revocation list in question. -### Revocation management +### Revocation Management -**isRevoked** -**MUST** implement a function that returns the revocation status of a particular revocation key in a namespace's revocation list. +#### isRevoked +**MUST** implement a function that returns the revocation status of a particular revocation key in a namespace's revocation list. It **MAY** also respect the revocation lists revocation status. ```solidity function isRevoked(address namespace, bytes32 list, bytes32 key) public view returns (bool); ``` -**changeStatus** +#### changeStatus **MUST** implement a function to change the revocation status of a particular revocation key in a namespace's revocation list ```solidity -function changeStatus(bool revoked, address namespace, bytes32 list, bytes32 key) public; +function changeStatus(bool revoked, address namespace, bytes32 revocationList, bytes32 revocationKey) public; ``` -**changeStatusSigned** ([see meta transactions](#Meta-transactions)) +#### changeStatusSigned ([see Meta Transactions](#MetaTransactions)) **OPTIONAL** implements a function to change the revocation status of a particular revocation key in a namespace's revocation list with a raw signature. ```solidity -function changeStatusSigned(bool revoked, address namespace, bytes32 list, bytes32 key, uint8 sigV, bytes32 sigR, bytes32 sigS) public; +function changeStatusSigned(bool revoked, address namespace, bytes32 revocationList, bytes32 revocationKey, bytes calldata signature) public; ``` -**changeStatusDelegate** -**OPTIONAL** implements a function to change the revocation status of a particular revocation key in a namespace's revocation list with a raw signature. +#### changeStatusDelegated +**OPTIONAL** implements a function to change the revocation status of a particular revocation key in a namespace's revocation list by a revocation list's delegate. ```solidity -function changeStatusDelegate(bool revoked, address namespace, bytes32 list, bytes32 key) public; +function changeStatusDelegated(bool revoked, address namespace, bytes32 revocationList, bytes32 revocationKey) public; ``` -**changeStatusDelegateSigned** ([see meta transactions](#Meta-transactions)) +#### changeStatusDelegatedSigned ([see Meta Transactions](#MetaTransactions)) **OPTIONAL** implements a function to change the revocation status of a particular revocation key in a namespace's revocation list with a raw signature. ```solidity -function changeStatusDelegateSigned(bool revoked, address namespace, bytes32 list, bytes32 key, uint8 sigV, bytes32 sigR, bytes32 sigS) public; +function changeStatusDelegatedSigned(bool revoked, address namespace, bytes32 revocationList, bytes32 revocationKey, bytes calldata signature) public; +``` + +#### changeStatusesInList +**OPTIONAL** implements a function to change multiple revocation statuses in a namespace's revocation list at once. +```solidity +function changeStatusesInList(bool[] memory revoked, address namespace, bytes32 revocationList, bytes32[] memory revocationKeys) public; +``` + +#### changeStatusesInListSigned ([see Meta Transactions](#MetaTransactions)) +**OPTIONAL** implements a function to change multiple revocation statuses in a namespace's revocation list at once with a raw signature. +```solidity +function changeStatusesInListSigned(bool[] memory revoked, address namespace, bytes32 revocationList, bytes32[] memory revocationKeys, bytes calldata signature) public; +``` + +#### changeStatusesInListDelegated +**OPTIONAL** implements a function to change multiple revocation statuses in a namespace's revocation list at once by a revocation list's delegate. +```solidity +function changeStatusesInListDelegated(bool[] memory revoked, address namespace, bytes32 revocationList, bytes32[] memory revocationKeys) public; ``` -**batchChangeStatuses** -**OPTIONAL** implements a function to change multiple revocation statuses in different revocation lists and namespaces at once. +#### changeStatusesInListDelegatedSigned ([see Meta Transactions](#MetaTransactions)) +**OPTIONAL** implements a function to change multiple revocation statuses in a namespace's revocation list at once with a raw signature generated by a revocation list's delegate. ```solidity -function batchChangeStatuses(bool[] revokedStatuses, address[] namespaces, bytes32[] lists, bytes32[] keys) public; +function changeStatusesInListDelegatedSigned(bool[] memory revoked, address namespace, bytes32 revocationList, bytes32[] memory revocationKeys) public; ``` -**batchChangeStatusesSigned** ([see meta transactions](#Meta-transactions)) -**OPTIONAL** implements a function to change multiple revocation statuses in different revocation lists and namespaces at once with a raw signature. +### Revocation List Management + +#### +**OPTIONAL** implements a function that returns the revocation status of a particular revocation list in a namespace. ```solidity -function batchChangeStatusesSigned(bool[] revokedStatuses, address[] namespaces, bytes32[] lists, bytes32[] keys, uint8 sigV, bytes32 sigR, bytes32 sigS) public; +function listIsRevoked(address namespace, bytes32 revocationList) view public returns (bool); ``` -**batchChangeListStatuses** -**OPTIONAL** implements a function to change multiple revocation statuses in a specific namespace's revocation list. +#### changeListStatus +**OPTIONAL** implements a function to change the revocation of a revocation list itself. If a revocation list is revoked, all its keys are considered revoked as well. ```solidity -function batchChangeListStatuses(bool[] revokedStatuses, address namespace, bytes32 list, bytes32[] keys) public; +function changeListStatus(bool revoked, address namespace, bytes32 revocationList) public; ``` -**batchChangeListStatusesSigned** ([see meta transactions](#Meta-transactions)) -**OPTIONAL** implements a function to change multiple revocation statuses in a specific namespace's revocation list with a raw signature. +#### changeListStatusSigned ([see Meta Transactions](#MetaTransactions)) +**OPTIONAL** implements a function to change the revocation of a revocation list itself with a raw signature. If a revocation list is revoked, all its keys are considered revoked as well. ```solidity -function batchChangeListStatusesSigned(bool[] revokedStatuses, address namespace, bytes32 list, bytes32[] keys, uint8 sigV, bytes32 sigR, bytes32 sigS) public; +function changeListStatusSigned(bool revoked, address namespace, bytes32 revocationList, bytes calldata signature) public; ``` ### Owner management -**changeListOwner** -**OPTIONAL** implement a function to change the owner of a revocation list in a namespace to a new address. +#### changeListOwner +**OPTIONAL** implement a function to change the revocation status of a revocation list. If a revocation list is revoked, all keys in it are considered revoked. ```solidity -function changeListOwner(address owner, address newOwner, bytes32 list) public; +function changeListOwner(address newOwner, address namespace, bytes32 revocationList) public; ``` -**changeListOwnerSigned** ([see Meta transactions](#Meta-transactions)) -**OPTIONAL** implements a function to change the owner of a revocation list in a namespace to a new address. +#### changeListOwnerSigned ([see Meta Transactions](#MetaTransactions)) +**OPTIONAL** implement a function to change the revocation status of a revocation list with a raw signature. If a revocation list is revoked, all keys in it are considered revoked. ```solidity -function changeListOwnerSigned(address owner, address newOwner, bytes32 list, uint8 sigV, bytes32 sigR, bytes32 sigS) public; +function changeListOwnerSigned(address newOwner, address namespace, bytes32 revocationList, bytes calldata signature) public; ``` ### Delegation management #### addListDelegate -**OPTIONAL** implements a function to add a delegate to an owner's revocation in a namespace list. +**OPTIONAL** implements a function to add a delegate to an owner's revocation list in a namespace. ```solidity -function addListDelegate(address owner, address delegate, bytes32 list) public; +function addListDelegate(address delegate, address namespace, bytes32 revocationList) public; ``` -#### addListDelegateSigned ([see Meta transactions](#Meta-transactions)) +#### addListDelegateSigned ([see Meta Transactions](#MetaTransactions)) **OPTIONAL** implements a function to add a delegate to an owner's revocation list in a namespace with a raw signature. ```solidity -function addListDelegateSigned(address owner, address delegate, bytes32 list, uint8 sigV, bytes32 sigR, bytes32 sigS) public; +function addListDelegateSigned(address delegate, address namespace, bytes32 revocationList, bytes calldata signature) public; ``` #### removeListDelegate **OPTIONAL** implements a function to remove a delegate from an owner's revocation list in a namespace. ```solidity -function removeListDelegate(address owner, address delegate, bytes32 list) public; +function removeListDelegate(address delegate, address owner, bytes32 revocationList) public; ``` -#### removeListDelegateSigned ([see Meta transactions](#Meta-transactions)) +#### removeListDelegateSigned ([see Meta Transactions](#MetaTransactions)) **OPTIONAL** implements a function to remove a delegate from an owner's revocation list in a namespace with a raw signature. ```solidity -function removeListDelegateSigned(address owner, address delegate, bytes32 list, uint8 sigV, bytes32 sigR, bytes32 sigS) public; +function removeListDelegateSigned(address delegate, address namespace, bytes32 revocationList, bytes calldata signature) public; ``` ### Events -**RevocationStatusChanged** -**MUST** be emitted when `changeStatus`, `changeStatusSigned`, `changeStatusDelegate`, or `changeStatusDelegateSigned` was successfully executed. +#### RevocationStatusChanged +**MUST** be emitted when `changeStatus`, `changeStatusSigned`, `changeStatusDelegated`, or `changeStatusDelegatedSigned` was successfully executed. ```solidity event RevocationStatusChanged( address indexed namespace, - bytes32 indexed list, - bytes32 indexed key, + bytes32 indexed revocationList, + bytes32 indexed revocationKey, bool revoked ); ``` -**RevocationStatusesChanged** -**MUST** be emitted when `batchChangeStatuses`, `batchChangeStatusesSigned`, `batchChangeListStatuses`, or `batchChangeListStatusesSigned` was successfully executed. +#### RevocationStatusesChanged +**MUST** be emitted when `changeStatusesInList`, `changeStatusesInListSigned`, `changeStatusesInListDelegated`, or `changeStatusesInListDelegatedSigned` was successfully executed. ```solidity event RevocationStatusesChanged( - address[] indexed namespaces, - bytes32[] indexed lists, - bytes32[] indexed keys, + address indexed namespace, + bytes32 indexed revocationList, + bytes32[] indexed revocationKeys, bool[] revoked ); ``` -**ListOwnerChanged** +#### RevocationListOwnerChanged **MUST** be emitted when `changeListOwner` or `changeListOwnerSigned` was successfully executed. ```solidity -event ListOwnerChanged( +event RevocationListOwnerChanged( address indexed namespace, + bytes32 indexed revocationList address indexed newOwner, - bytes32 indexed list ); ``` -**DelegateAdded** +#### RevocationListDelegateAdded **MUST** be emitted when `addListDelegate` or `addListDelegateSigned` was successfully executed. ```solidity -event ListDelegateAdded( +event RevocationListDelegateAdded( address indexed namespace, - address indexed delegate, - bytes32 indexed list + bytes32 indexed revocationList, + address indexed delegate ); ``` -**DelegateRemoved** +#### RevocationListDelegateRemoved **MUST** be emitted when `removeListDelegate` or `removeListDelegateSigned` was successfully executed. ```solidity -event ListDelegateRemoved( +event RevocationListDelegateRemoved( address indexed namespace, - address indexed delegate, - bytes32 indexed list + bytes32 indexed revocationList, + address indexed delegate ); ``` -### Meta transactions +#### RevocationListStatusChanged +**MUST** be emitted when `changeListStatus` or `changeListStatusSigned` was successfully executed. + +```solidity +event RevocationListStatusChanged( + address indexed namespace, + bytes32 indexed revocationlist, + bool revoked +); +``` -This section uses the following terms: +### Meta Transactions -**`transaction signer`:** An Ethereum address that signs arbitrary data for the contract to execute **BUT** does not commit the transaction. -**`transaction sender`**: An Ethereum address that takes signed data from a **transaction signer** and commits it wrapped with its own signature to the smart contract. +This section uses the following terms: +- **`transaction signer`**: An Ethereum address that signs arbitrary data for the contract to execute **BUT** does not commit the transaction. +- **`transaction sender`**: An Ethereum address that takes signed data from a **transaction signer** and commits it wrapped with its own signature to the smart contract. An address (**transaction signer**) **MAY** be able to deliver a signed payload off-band to another address (**transaction sender**) that initiates the Ethereum interaction with the smart contract. The signed payload **MUST** be limited to be used only once ([Signed Hash](#Signed-Hash) + [nonces](#Nonce)). @@ -212,10 +244,10 @@ This EIP **RECOMMENDS** the use of a **dedicated nonce mapping** for meta transa ## Rationale ### Why the concept of namespaces? -> This provides every Ethereum address a reserved space, without the need to actively claim it in the contract. Initially addresses only have owner access in their own namespace. +This provides every Ethereum address a reserved space, without the need to actively claim it in the contract. Initially addresses only have owner access in their own namespace. ### Why does a namespace always represent the initial owner address? -> The change of an owner of a list shouldn't break the link to a revocation key in it, as already existing off-chain data may depend on it. +The change of an owner of a list shouldn't break the link to a revocation key in it, as already existing off-chain data may depend on it. ## Backwards Compatibility No backward compatibility issues were found. From d2c9a3edc6a5cbe4d06b7db3b6e29fcbaf1d47c6 Mon Sep 17 00:00:00 2001 From: Philipp Bolte Date: Mon, 12 Sep 2022 15:11:13 +0200 Subject: [PATCH 6/9] chore: fix links for nonce and signed hash --- EIPS/eip-5539.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/EIPS/eip-5539.md b/EIPS/eip-5539.md index e81ffda540c13d..64252c0343998f 100644 --- a/EIPS/eip-5539.md +++ b/EIPS/eip-5539.md @@ -231,13 +231,13 @@ This section uses the following terms: - **`transaction signer`**: An Ethereum address that signs arbitrary data for the contract to execute **BUT** does not commit the transaction. - **`transaction sender`**: An Ethereum address that takes signed data from a **transaction signer** and commits it wrapped with its own signature to the smart contract. -An address (**transaction signer**) **MAY** be able to deliver a signed payload off-band to another address (**transaction sender**) that initiates the Ethereum interaction with the smart contract. The signed payload **MUST** be limited to be used only once ([Signed Hash](#Signed-Hash) + [nonces](#Nonce)). +An address (**transaction signer**) **MAY** be able to deliver a signed payload off-band to another address (**transaction sender**) that initiates the Ethereum interaction with the smart contract. The signed payload **MUST** be limited to be used only once ([Signed Hash](#SignedHash) + [nonces](#Nonce)). -#### Signed Hash +#### Signed Hash The signature of the **transaction signer** **MUST** conform [EIP-712](./eip-712.md). This helps users understand what the payload they're signing consists of & it improves the protection against replay attacks. -#### Nonce +#### Nonce This EIP **RECOMMENDS** the use of a **dedicated nonce mapping** for meta transactions. If the signature of the **transaction sender** and its meta contents are verified, the contract increases a nonce for this **transaction signer**. This effectively removes the possibility for any other sender to execute the same transaction again with another wallet. From f86afa22f1ea0552498dd53c829b243bd57858eb Mon Sep 17 00:00:00 2001 From: Philipp Bolte Date: Mon, 12 Sep 2022 16:17:39 +0200 Subject: [PATCH 7/9] chore: add signer addresses to signed methods --- EIPS/eip-5539.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/EIPS/eip-5539.md b/EIPS/eip-5539.md index 64252c0343998f..cc731f3e8646e4 100644 --- a/EIPS/eip-5539.md +++ b/EIPS/eip-5539.md @@ -56,7 +56,7 @@ function changeStatus(bool revoked, address namespace, bytes32 revocationList, b #### changeStatusSigned ([see Meta Transactions](#MetaTransactions)) **OPTIONAL** implements a function to change the revocation status of a particular revocation key in a namespace's revocation list with a raw signature. ```solidity -function changeStatusSigned(bool revoked, address namespace, bytes32 revocationList, bytes32 revocationKey, bytes calldata signature) public; +function changeStatusSigned(bool revoked, address namespace, bytes32 revocationList, bytes32 revocationKey, address signer, bytes calldata signature) public; ``` #### changeStatusDelegated @@ -68,7 +68,7 @@ function changeStatusDelegated(bool revoked, address namespace, bytes32 revocati #### changeStatusDelegatedSigned ([see Meta Transactions](#MetaTransactions)) **OPTIONAL** implements a function to change the revocation status of a particular revocation key in a namespace's revocation list with a raw signature. ```solidity -function changeStatusDelegatedSigned(bool revoked, address namespace, bytes32 revocationList, bytes32 revocationKey, bytes calldata signature) public; +function changeStatusDelegatedSigned(bool revoked, address namespace, bytes32 revocationList, bytes32 revocationKey, address signer, bytes calldata signature) public; ``` #### changeStatusesInList @@ -80,7 +80,7 @@ function changeStatusesInList(bool[] memory revoked, address namespace, bytes32 #### changeStatusesInListSigned ([see Meta Transactions](#MetaTransactions)) **OPTIONAL** implements a function to change multiple revocation statuses in a namespace's revocation list at once with a raw signature. ```solidity -function changeStatusesInListSigned(bool[] memory revoked, address namespace, bytes32 revocationList, bytes32[] memory revocationKeys, bytes calldata signature) public; +function changeStatusesInListSigned(bool[] memory revoked, address namespace, bytes32 revocationList, bytes32[] memory revocationKeys, address signer, bytes calldata signature) public; ``` #### changeStatusesInListDelegated @@ -92,7 +92,7 @@ function changeStatusesInListDelegated(bool[] memory revoked, address namespace, #### changeStatusesInListDelegatedSigned ([see Meta Transactions](#MetaTransactions)) **OPTIONAL** implements a function to change multiple revocation statuses in a namespace's revocation list at once with a raw signature generated by a revocation list's delegate. ```solidity -function changeStatusesInListDelegatedSigned(bool[] memory revoked, address namespace, bytes32 revocationList, bytes32[] memory revocationKeys) public; +function changeStatusesInListDelegatedSigned(bool[] memory revoked, address namespace, bytes32 revocationList, bytes32[] memory revocationKeys, address signer, bytes calldata signature) public; ``` ### Revocation List Management @@ -112,7 +112,7 @@ function changeListStatus(bool revoked, address namespace, bytes32 revocationLis #### changeListStatusSigned ([see Meta Transactions](#MetaTransactions)) **OPTIONAL** implements a function to change the revocation of a revocation list itself with a raw signature. If a revocation list is revoked, all its keys are considered revoked as well. ```solidity -function changeListStatusSigned(bool revoked, address namespace, bytes32 revocationList, bytes calldata signature) public; +function changeListStatusSigned(bool revoked, address namespace, bytes32 revocationList, address signer, bytes calldata signature) public; ``` ### Owner management @@ -126,7 +126,7 @@ function changeListOwner(address newOwner, address namespace, bytes32 revocation #### changeListOwnerSigned ([see Meta Transactions](#MetaTransactions)) **OPTIONAL** implement a function to change the revocation status of a revocation list with a raw signature. If a revocation list is revoked, all keys in it are considered revoked. ```solidity -function changeListOwnerSigned(address newOwner, address namespace, bytes32 revocationList, bytes calldata signature) public; +function changeListOwnerSigned(address newOwner, address namespace, bytes32 revocationList, address signer, bytes calldata signature) public; ``` ### Delegation management @@ -140,7 +140,7 @@ function addListDelegate(address delegate, address namespace, bytes32 revocation #### addListDelegateSigned ([see Meta Transactions](#MetaTransactions)) **OPTIONAL** implements a function to add a delegate to an owner's revocation list in a namespace with a raw signature. ```solidity -function addListDelegateSigned(address delegate, address namespace, bytes32 revocationList, bytes calldata signature) public; +function addListDelegateSigned(address delegate, address namespace, bytes32 revocationList, address signer, bytes calldata signature) public; ``` #### removeListDelegate @@ -152,7 +152,7 @@ function removeListDelegate(address delegate, address owner, bytes32 revocationL #### removeListDelegateSigned ([see Meta Transactions](#MetaTransactions)) **OPTIONAL** implements a function to remove a delegate from an owner's revocation list in a namespace with a raw signature. ```solidity -function removeListDelegateSigned(address delegate, address namespace, bytes32 revocationList, bytes calldata signature) public; +function removeListDelegateSigned(address delegate, address namespace, bytes32 revocationList, address signer, bytes calldata signature) public; ``` ### Events From fd60e15e1de875b036b4522ec6fdc8d8e73d6f44 Mon Sep 17 00:00:00 2001 From: Philipp Bolte Date: Mon, 12 Sep 2022 16:28:29 +0200 Subject: [PATCH 8/9] chore: remove old batch event --- EIPS/eip-5539.md | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/EIPS/eip-5539.md b/EIPS/eip-5539.md index cc731f3e8646e4..374d4c5c7b9343 100644 --- a/EIPS/eip-5539.md +++ b/EIPS/eip-5539.md @@ -158,7 +158,7 @@ function removeListDelegateSigned(address delegate, address namespace, bytes32 r ### Events #### RevocationStatusChanged -**MUST** be emitted when `changeStatus`, `changeStatusSigned`, `changeStatusDelegated`, or `changeStatusDelegatedSigned` was successfully executed. +**MUST** be emitted when `changeStatus`, `changeStatusSigned`, `changeStatusDelegated`, `changeStatusDelegatedSigned`, `changeStatusesInList`, `changeStatusesInListSigned`, `changeStatusesInListDelegated`, or `changeStatusesInListDelegatedSigned` was successfully executed. ```solidity event RevocationStatusChanged( @@ -169,18 +169,6 @@ event RevocationStatusChanged( ); ``` -#### RevocationStatusesChanged -**MUST** be emitted when `changeStatusesInList`, `changeStatusesInListSigned`, `changeStatusesInListDelegated`, or `changeStatusesInListDelegatedSigned` was successfully executed. - -```solidity -event RevocationStatusesChanged( - address indexed namespace, - bytes32 indexed revocationList, - bytes32[] indexed revocationKeys, - bool[] revoked -); -``` - #### RevocationListOwnerChanged **MUST** be emitted when `changeListOwner` or `changeListOwnerSigned` was successfully executed. From e4ee1ec4c14fbeb09731cc251d06997be2dadd8a Mon Sep 17 00:00:00 2001 From: Philipp Bolte Date: Mon, 12 Sep 2022 16:35:13 +0200 Subject: [PATCH 9/9] chore: missing comma --- EIPS/eip-5539.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/EIPS/eip-5539.md b/EIPS/eip-5539.md index 374d4c5c7b9343..eb3e50cac35977 100644 --- a/EIPS/eip-5539.md +++ b/EIPS/eip-5539.md @@ -175,8 +175,8 @@ event RevocationStatusChanged( ```solidity event RevocationListOwnerChanged( address indexed namespace, - bytes32 indexed revocationList - address indexed newOwner, + bytes32 indexed revocationList, + address indexed newOwner ); ```