| Internet-Draft | Abbreviated Title | February 2025 |
| Chin | Expires 22 August 2025 | [Page] |
This document proposes a implementation standard for mapping wallets to domain names using the new WALLET RRType, allowing for TXT record fallback while the WALLET RRType propagates through DNS providers. The goal is to provide a secure and scalable and unbiased way to associate wallets with domain names, enabling seamless lookup as well as suggesting required authentication mechanism. The proposal relies on DNSSEC or security successors to ensure trust and security.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 22 August 2025.¶
Copyright (c) 2025 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
There is fragmentation in the mapping of Web3 Wallets to Domain Names [RFC1034]. This document is putting forth a implementation standard to map Web3 Wallet addresses to Domain Names and investigates the associated security and technical concerns.¶
As the use of digital wallets and online services grows, the need for a standardized way to lookup wallet addresses in an human readable format becomes increasingly important. This proposal aims to provide a solution that is easy to implement, scalable, unbiased, standardized and secure.¶
The proposed Notational Implementation involves using the DNS WALLET RRtype [WALLET-IANA-RRTYPE] to map a domain name on the Global DNS system to wallet address information. The WALLET record will contain a object that maps the wallet address to the registered coin type token [SLIP-0044]. It will also handles multiple wallet addresses and chain, defaults and defines a heirarchy to deterministicly be able to find the appropriate wallet address. It is assumed that the record will be part of a DNSSEC [RFC4033] [RFC9364] signed zonefile, or its security successors, and that users of this service will verify the signatures to ensure that the record has been returned without alteration in flight. This implementation proposal is evolutionary to the the description in [WALLET-IANA-RRTYPE] because it defines standards for coin names, defaults, and conditions for rejection, in order to have consistant usages.¶
We also propose a fallback TXT record "_w3addr" which will be a backup for the WALLET RRtype and CAN duplicate the WALLET RRtype entries. This is intended to be a temporary measure while DNS Provider UIs support this type [RFC3597].¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
This document will refer to Domain Name terminology [RFC9499].¶
The WALLET or TXT record SHALL have the following format:¶
@ IN WALLET "coin1:address1"
@ IN TXT "coin1:address1"
¶
item = (coin_name) ":" address
coin_name = (letter | digit | "_")
address = (letter | digit)+
letter = "A" | "B" | "C" | "D" | "E" | "F" | "G"
| "H" | "I" | "J" | "K" | "L" | "M" | "N"
| "O" | "P" | "Q" | "R" | "S" | "T" | "U"
| "V" | "W" | "X" | "Y" | "Z" | "a" | "b"
| "c" | "d" | "e" | "f" | "g" | "h" | "i"
| "j" | "k" | "l" | "m" | "n" | "o" | "p"
| "q" | "r" | "s" | "t" | "u" | "v" | "w"
| "x" | "y" | "z"
digit = "0" | "1" | "2" | "3" | "4" | "5" | "6" | "7" | "8" | "9"
¶
This grammar can be used to parse the input string and extract the chain identifier and addresses.¶
Suppose a user wants to map their wallet with the public keys to the domain example.com using the registered coin type tokens BTC, SOL and ETH. The WALLET record would be:¶
@ IN WALLET "BTC:0x1234567890abcd"
@ IN WALLET "SOL:0x567890123456789"
@ IN WALLET "ETH:0x987654321098765"
¶
Suppose a user wants to map their wallet with the public keys to the domain example.com using the registered coin type tokens BTC, SOL and ETH using a TXT record. The TXT record would be:¶
_waddr IN TXT "BTC:0x1234567890abcd"
_waddr IN TXT "SOL:0x567890123456789"
_waddr IN TXT "ETH:0x987654321098765"
¶
To support multiple coins, multiple coin:address pairs will each be represented by a WALLET record. There is no guarantees on ordering the records so overlapping records MAY be ordered at the resolver's discretion. In the event of duplicate coin types it is RECOMMENDED that multiple records be returned deduplicated for identical addresses.¶
Wallet resolver implementations of this RFC SHALL:¶
To ensure the security of the mapping, the following measures will be taken:¶
If the source of the DNS zone is compromised, the wallet address mapping is compromised. It is imperative that this not occur for both DNS stability, as well as wallet mapping Notationaly using DNS.¶
This proposal does not require IANA changes.¶
Here is an example of how to create and retrieve a WALLET records using the domain name:¶
import dns.resolver.wallet
# Retrieve the WALLET record
record = dns.resolveWallet("example.com", "BTC")
print(record.value) # Output: "0x1234567890abcdef"
xs¶
Thanks to all of the contributors for contributions to security and clarity.¶
Reviewed by:¶