Pillar 2: Security - Wallet Selection

[tlodderstedt]

I'm not sure what the security objective of this section is. I guess it is about the authenticity and trustworthiness of the wallet?

If so, I would suggest to spell that out and also describe how the measures describe contribute to that objective as well as which party in an ecosystem should apply those measures.

In general, this section would benefit from a more comprehensive description. For example, I'm not sure what is meant by "Secure connections and end-point management".

I'm also not sure, what role brute force attacks play in the context of this security objective. I guess this is more related to an adversary trying to break the user authentication of a wallet in order to steal data and/or impersonate the holder (?).

I would also argue "Man-in-the-Middle Attacks" deserve a dedicated section. I would assume those kind of attacks will be handled on the protocol level.

[andy-tobin]

Above noted, thanks. Likely this will need to go into a 2nd version of the paper as it could be quite comprehensive if, for example, a dedicated section is created for MITM attacks. Also noting that this is designed to be a high level paper that is digestible by non-experts, therefore we don't want to go to deep.

The SIG call attendees note that MITM attacks won't just be at the protocol level.