[taler-docs] branch master updated: expanding on wallet exchange managem
From: gnunet
Subject: [taler-docs] branch master updated: expanding on wallet exchange management
Date: Wed, 29 Jul 2020 12:47:50 +0200
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository docs.
The following commit(s) were added to refs/heads/master by this push:
new 407837d expanding on wallet exchange management
407837d is described below
commit 407837def5ee00b78ff8e3ecb0698280be167e61
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Wed Jul 29 12:47:48 2020 +0200
expanding on wallet exchange management
---
.../002-wallet-exchange-management.rst | 93 +++++++++++++++-------
1 file changed, 63 insertions(+), 30 deletions(-)
diff --git a/design-documents/002-wallet-exchange-management.rst
b/design-documents/002-wallet-exchange-management.rst
index 33d9857..d70a799 100644
--- a/design-documents/002-wallet-exchange-management.rst
+++ b/design-documents/002-wallet-exchange-management.rst
@@ -93,6 +93,22 @@ Con:
=> Maybe non-permanent exchanges can be "sticky" to some particular
withdrawal session?
+=> CG: Eh, I was expecting there to be a way to remove exchanges at least
+ from the list of _trusted_ exchanges (if I view the full list, maybe
+ with a trash bin or a swipe-to-remove functionality, or maybe on the
+ "detailed view" of the exchange where I can review TOS/PP).
+ Now, if there are coins actively withdrawn from the exchange, that would
+ _only_ remove the exchange from the trusted list (what the user sees),
+ and once all coins have been spent, we could stop refreshing /keys
+ for that exchange and thus truly "deactivate" it. And once all spent coins
+ have been "garbage collected", we can then truly forget about everything.
+ (See above about garbage collection of exchanges.)
+
+ [The auditor list view should also have a similar way to remove auditors.]
+
+ So I'm not sure why you are saying that we are not planning on
+ having a "mechanism to remove exchanges".
+
Proposed Solution
=================
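Review bot: The bracketed line "[The auditor list view should also have a similar way to remove auditors.]" does not say what removing an auditor does to exchanges that are trusted only through that auditor, whereas the lines before it spell out the staged behaviour for exchanges (drop from the trusted list, stop refreshing /keys once all coins are spent, forget everything after garbage collection). Please state the equivalent stages for auditors, including whether coins already withdrawn from such exchanges remain usable. Also, this block is an attributed "CG:" reply that ends in a question, so the design document is left with an open disagreement just above "Proposed Solution"; once settled, the outcome should be written there as the decision rather than kept as dialogue.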
@@ -367,33 +383,50 @@ Alternatives
Trust
=====
-Ideally, exchanges come with auditors that are trusted by the wallet and
therefore the user.
-An exchange responsible for a three-letter currency is required to have an
auditor,
-as these currencies are assumed to be legal tender in a nation state.
-
-If an exchange and/or an auditor are controlled by an attacker, they can steal
user's funds.
-Therefore, users should only use "official" auditors responsible for their
currency.
-As users should not be expected to know which auditors are official
-nor perform technical verification steps, the wallet ships with auditors
pre-installed.
-
-However, it should be possible to add a custom auditor,
-in case the wallet is outdated or does not have a desired auditor for other
reasons.
-Since adding custom auditors is dangerous
-and can be used to trick users into using malicious exchanges,
-this operation should be accompanied by appropriate warnings and security
confirmations.
-
-Taler also supports regional currencies which can have between 4 and 12
letters.
-These are not required to have an auditor, but using one is encouraged.
-Regional currencies should be shown separate from real currencies in the
wallet's balance sheet
-and be accompanied by their exchange
-to allow for the fact that different regions or organisations chose the same
currency code,
-but uses different exchanges to handle the currency.
-
-Open Question: What happens if a regional currency wants to use more than one
exchange?
-
-When withdrawing money to a regional currency exchange,
-the user should be made aware of the fact that the currency of the exchange is
not official.
-A warning should be shown if a currency does not have an auditor
-or the auditor is not trusted by the users.
-If the user expressed trust for a regional currency's auditor,
-no further warnings will be shown for the given currency.
+Ideally, exchanges come with auditors that are trusted by the wallet and
+therefore the user. An exchange responsible for a three-letter currency is
+required to have an auditor, as these currencies are assumed to be legal
+tender in a nation state.
+
+If an exchange and/or an auditor are controlled by an attacker, they can steal
+user's funds. Therefore, users should only use "official" auditors
+responsible for their currency. As users should not be expected to know which
+auditors are official nor perform technical verification steps, the wallet
+ships with auditors pre-installed.
+
+It is assumed that -- from the user's point of view -- all auditors for a
+given currency are equivalent and that (modulo fees) there are no significant
+differences between the coins (fungibility) because most merchants will accept
+coins from exchanges of any auditor. Thus, there is no need for the user
+interface to explicitly show the auditor for audited currencies, and we only
+show the currency code. This is mandatory for three-letter currencies, but
also
+expected to hold for other currency codes if an auditor is used.
+
+It must be possible to add a custom auditor, for example in case the wallet is
+outdated, someone is setting up an experimental deployment and wants to test
+it with the wallet, or simply to ensure that the user always has the last word
+about whom to trust. Since adding custom auditors is dangerous and can be
+used to trick users into using malicious exchanges, this operation should be
+accompanied by appropriate warnings and security confirmations.
+
+Taler also supports regional currencies which are represented using currency
+codes between 4 and 12 letters. These are not required to have an auditor.
+Regional currencies should be shown separate from real currencies in the
+wallet's balance sheet. If a regional currency does not have an auditor, its
+balance display in the user interface will be accompanied by their exchange's
+URL to allow for the fact that different regions or organisations may choose
+the same currency code, but use different and non-interoperable exchanges to
+handle the independent currencies.
+
+If a regional currency wants to use more than one exchange, it must use an
+auditor. In this case, operators must ensure that from the user's point of
+view, the coins of the different exchanges are interoperable. If a regional
+exchange has an auditor, the regional currency code will be shown together
+with the URL of the auditor instead of the URL of the exchange.
+
+When withdrawing money from a regional currency exchange, the user should be
+made aware of the fact that the currency of the exchange is not "official". A
+warning should be shown if a currency does not have an auditor or the auditor
+is not trusted by the users. If the user expressed trust for a regional
+currency's auditor or a regional currency's exchange, no further warnings will
+be shown for the given currency.
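Review bot: In the last added paragraph the warning suppression is scoped to the currency ("no further warnings will be shown for the given currency"), but the regional-currency paragraph allows that "different regions or organisations may choose the same currency code" with non-interoperable exchanges, so expressing trust in one exchange would also silence the warning for an unrelated exchange that reuses the same code. Suggest scoping the suppression to the specific exchange or auditor the user expressed trust for. Separately, the third added paragraph says only the currency code is shown when an auditor is used ("expected to hold for other currency codes if an auditor is used"), while the paragraph on multiple exchanges says an audited regional currency is shown "together with the URL of the auditor"; one of the two should change so the display rule for audited regional currencies is unambiguous.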
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.