15:00-16:30 Wallet Governance Agenda
- What is the definition of “Governance” for wallets?
- A shared understanding of Governance with regard to wallets
- How can wallets be developed securely? (supply chain management of software and hardware, and key and privacy management)
- How can wallet providers balance with regulatory requirements, especially KYC and AML/CFT measures?
- Wallet Governance and Policy Study Report by BGIN (30 minutes) by Saki and Mitchell
- Present a summary of this report and share the purpose of the paper: as a first step, to provide a comprehensive description of crypto wallets that discusses the pros and cons of each type of wallet in terms of security, privacy, and usability
- Biometric Key Management
- Technical biometric bound wallet technologies
- Wallet Governance and Use Case Mapping
- How can wallets be developed securely? (30 minutes)
- Overview of the Cryptographic Module Validation Program (CMVP)
- Do crypto wallets need specified requirements for cryptographic modules, including cryptographic algorithms, physical security, key management, authentication methods, software and firmware integrity, design assurance, etc.?
- How can we ensure that crypto wallets undergo rigorous testing in accredited labs to ensure they meet the specified requirements? Who are the accredited labs?
- Software supply chain
- Open source projects: Open source libraries, frameworks, and packages need to be regularly audited and updated by the community that develops them.
- Version management: All versions of wallet software should require security patches and updates after release, and all code changes should be tracked with version control systems. Do all open source projects meet these requirements?
- Security Audits: Who will be responsible for external security audits?
- Hardware supply chain
- How can we ensure the reliability of hardware manufacturers? Do we have audits of the manufacturing process and transparency throughout the supply chain for crypto wallets? (especially secure chips to protect private keys)
- The firmware of hardware wallets should be updated regularly. Should the firmware update process involve security measures such as encryption and digital signatures to ensure updates come from a trusted source?
- Security of LN-supported wallets
- Discuss technical and operational difficulties specific to LN-supported wallets
- How can wallets balance with regulatory requirements? (30 minutes)
- Continue discussion about regulatory uncertainty for wallets in the last session
- Presentation of the summary of “Accountable Wallet” paper by Masato Y or Mitchell
- Would you see a potential in building a reputation system on Bitcoin?
- Self Custodial Wallet Providers
- Accountable Wallet Solutions
- Any other measures that are being discussed in the Bitcoin community?
- Next steps
- Create new minimum requirements for cryptographic modules used in crypto wallets
- Discuss further how we can establish a third-party validation program for crypto wallets. Could we standardize the program through ISO potentially?