Description
Hi everyone, this came up during a discussion with @johannhof, and we also talked about it with @asharif since we are preparing the Security Considerations section. I saw some discussions, but having a dedicated place to reflect and understand is worth it.
Essentially, as a DC API (a tool the user uses), what kind of trust relationship do we want to have with the Wallet (another tool the user uses)? Do we fundamentally distrust the website because it is an untrusted external entity? Is the trust relationship the same in both directions?
I think it's the case of a government wallet, or a wallet that I can install because I like it (or because I compiled it myself).
This brief reflection is the basis for deciding where and what mitigations to implement.
In the following diagram, there is trust between the two (if I need to make the diagram better, just let me know).
The following diagram (taken from the current draft of the Threat Model for the Web) shows no default trust between the browser and other software.
Related to #263 (@johannhof let me know if it is better to move the discussion to another issue).
[cc'ing @npdoty]