add security docs content

paolino · paolino · commit f6d42e2874a6 · 2022-07-19T10:10:12.000+02:00
diff --git a/docs/concepts.md b/docs/concepts.md
@@ -7,12 +7,14 @@ order: 2
 1. Cryptographic Keys
     - [[recovery-phrases]]
     - [[master-key-generation]]
-2. Address Management
+2. Security
+    - [[security]]
+3. Address Management
     - [[hierarchical-deterministic-wallets]]
     - [[address-derivation]]
     - [[byron-address-format]]
-3. Balances and transaction history
+4. Balances and transaction history
     - [[utxo]]
-4. Transaction submission
+5. Transaction submission
     - [[coin-selection]]
     - [[transaction-lifecycle]]
diff --git a/docs/user-guide/security.md b/docs/user-guide/security.md
@@ -0,0 +1,9 @@
+## Wallet security considerations
+
+The cardano-wallet HTTP service is designed to be used by trusted users only. _Any other use is not supported or planned_ .
+
+In order to ensure that only trusted users may access the HTTP service, cardano-wallet uses TLS client certificate authentication. For example, this is how the Daedalus wallet frontend ensures that only this frontend can access the cardano-wallet API. In other words, trust is established through a TLS client certificate. Such certificates need to be placed in the disk storage used by the cardano-wallet process before the HTTP service is started.
+
+It’s worth mentioning that a trusted user can attack the wallet through the HTTP service in many ways, they can also view sensitive information, delete a wallet’s store, etc. Thus, as soon as an attacker is able to become a trusted user.
+
+It’s also worth mentioning that a trusted user that can access the HTTP API is not able to spend funds of the wallet without gaining access to additional information such as the passphrase or the wallet secret key. TLS prevents eavesdropping on the passphrase, and the wallet secret key is encrypted by the passphrase.
