Adressing comments

Signed-off-by: Guillaume Grosbois <guillaume.grosbois@uniswap.org>
ethereum · Sep 17, 2024 · b82a1a2 · b82a1a2
1 parent 802c11d
commit b82a1a2
Showing 1 changed file with 6 additions and 6 deletions.
diff --git a/ERCS/erc-7754.md b/ERCS/erc-7754.md
@@ -54,7 +54,7 @@ We propose to use the dapp's domain certificate of a root of trust to establish
 
 1. The user's browser verifies the domain certificate and displays appropriate warnings if overtaken
 2. The DNS record of the dapp hosts a TXT field pointing to a URL where a JSON manifest is hosted
-   - This file SHOULD be at a well known address such as `https://domain.com/.well-known/twit.json`
+   - This file SHOULD be at a well known address such as `https://example.com/.well-known/twit.json`
 3. The config file contains an array of objects of the form `{ id, alg, publicKey }`
 4. For signed requests, the dapp first securely signs the payload with a private key, for example by submitting a request to its backend
 5. The original payload, signature, and public key id are sent to the wallet via the `wallet_signedRequest` RPC method
@@ -66,21 +66,21 @@ We propose to use the dapp's domain certificate of a root of trust to establish
 
 Attested public keys are necessary for the chain of trust to be established.
 Since this is traditionally done via DNS certificates, we propose the addition of a DNS record containing the public keys.
-This is similar to DKIM, but the use of a manifest file provides more flexibility for future improvements, as well as support for multiple algorithm and key pairs.
+This is similar to [RFC-6636](https://www.rfc-editor.org/rfc/rfc6376.html)'s DKIM, but the use of a manifest file provides more flexibility for future improvements, as well as support for multiple algorithm and key pairs.
 
-Similarly to standard JWT practices, the wallet could eagerly cache dapp keys.
+Similarly to standard [RFC-7519](https://www.rfc-editor.org/rfc/rfc7519.html)'s JWT practices, the wallet could eagerly cache dapp keys.
 However, in the absence of a revocation mechanism, a compromised key could still be used until caches have expired.
 To mitigate this, wallets SHOULD NOT cache dapp public keys for more than 2 hours.
 This practice establishes a relatively short vulnerability window, and manageable overhead for both wallet and dapp maintainers.
 
-Example DNS record for `my-crypto-dapp.org`:
+Example DNS record for `my-crypto-dapp.invalid`:
 
 ```txt
 ...
 TXT: TWIT=/.well-known/twit.json
 ```
 
-Example TWIT manifest at `https://my-crypto-dapp.org/twit.json`:
+Example TWIT manifest at `https://my-crypto-dapp.invalid.com/twit.json`:
 
 ```json
 {
@@ -127,7 +127,7 @@ type RequestPayload<Params> = { method: string; params: Params };
 
 type SignedRequestParameters<Params> = [
   requestPayload: RequestPayload<Params>,
-  signature: `0x${string}`, // TODO: Is this the format we want?
+  signature: `0x${string}`,
   keyId: string,
 ];
 ```