[taler-docs] branch master updated: expanding on wallet exchange managem

gnunet-svn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[taler-docs] branch master updated: expanding on wallet exchange managem

From:	gnunet
Subject:	[taler-docs] branch master updated: expanding on wallet exchange management
Date:	Wed, 29 Jul 2020 12:47:50 +0200

This is an automated email from the git hooks/post-receive script.

grothoff pushed a commit to branch master
in repository docs.

The following commit(s) were added to refs/heads/master by this push:
     new 407837d  expanding on wallet exchange management
407837d is described below

commit 407837def5ee00b78ff8e3ecb0698280be167e61
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Wed Jul 29 12:47:48 2020 +0200

    expanding on wallet exchange management
---
 .../002-wallet-exchange-management.rst             | 93 +++++++++++++++-------
 1 file changed, 63 insertions(+), 30 deletions(-)

diff --git a/design-documents/002-wallet-exchange-management.rst 
b/design-documents/002-wallet-exchange-management.rst
index 33d9857..d70a799 100644
--- a/design-documents/002-wallet-exchange-management.rst
+++ b/design-documents/002-wallet-exchange-management.rst
@@ -93,6 +93,22 @@ Con:
 => Maybe non-permanent exchanges can be "sticky" to some particular
 withdrawal session?
 
+=> CG: Eh, I was expecting there to be a way to remove exchanges at least
+   from the list of _trusted_ exchanges (if I view the full list, maybe
+   with a trash bin or a swipe-to-remove functionality, or maybe on the
+   "detailed view" of the exchange where I can review TOS/PP).
+   Now, if there are coins actively withdrawn from the exchange, that would
+   _only_ remove the exchange from the trusted list (what the user sees),
+   and once all coins have been spent, we could stop refreshing /keys
+   for that exchange and thus truly "deactivate" it. And once all spent coins
+   have been "garbage collected", we can then truly forget about everything.
+   (See above about garbage collection of exchanges.)
+
+   [The auditor list view should also have a similar way to remove auditors.]
+
+   So I'm not sure why you are saying that we are not planning on
+   having a "mechanism to remove exchanges".
+
 
 Proposed Solution
 =================
@@ -367,33 +383,50 @@ Alternatives
 Trust
 =====
 
-Ideally, exchanges come with auditors that are trusted by the wallet and 
therefore the user.
-An exchange responsible for a three-letter currency is required to have an 
auditor,
-as these currencies are assumed to be legal tender in a nation state.
-
-If an exchange and/or an auditor are controlled by an attacker, they can steal 
user's funds.
-Therefore, users should only use "official" auditors responsible for their 
currency.
-As users should not be expected to know which auditors are official
-nor perform technical verification steps, the wallet ships with auditors 
pre-installed.
-
-However, it should be possible to add a custom auditor,
-in case the wallet is outdated or does not have a desired auditor for other 
reasons.
-Since adding custom auditors is dangerous
-and can be used to trick users into using malicious exchanges,
-this operation should be accompanied by appropriate warnings and security 
confirmations.
-
-Taler also supports regional currencies which can have between 4 and 12 
letters.
-These are not required to have an auditor, but using one is encouraged.
-Regional currencies should be shown separate from real currencies in the 
wallet's balance sheet
-and be accompanied by their exchange
-to allow for the fact that different regions or organisations chose the same 
currency code,
-but uses different exchanges to handle the currency.
-
-Open Question: What happens if a regional currency wants to use more than one 
exchange?
-
-When withdrawing money to a regional currency exchange,
-the user should be made aware of the fact that the currency of the exchange is 
not official.
-A warning should be shown if a currency does not have an auditor
-or the auditor is not trusted by the users.
-If the user expressed trust for a regional currency's auditor,
-no further warnings will be shown for the given currency.
+Ideally, exchanges come with auditors that are trusted by the wallet and
+therefore the user.  An exchange responsible for a three-letter currency is
+required to have an auditor, as these currencies are assumed to be legal
+tender in a nation state.
+
+If an exchange and/or an auditor are controlled by an attacker, they can steal
+user's funds.  Therefore, users should only use "official" auditors
+responsible for their currency.  As users should not be expected to know which
+auditors are official nor perform technical verification steps, the wallet
+ships with auditors pre-installed.
+
+It is assumed that -- from the user's point of view -- all auditors for a
+given currency are equivalent and that (modulo fees) there are no significant
+differences between the coins (fungibility) because most merchants will accept
+coins from exchanges of any auditor.  Thus, there is no need for the user
+interface to explicitly show the auditor for audited currencies, and we only
+show the currency code.  This is mandatory for three-letter currencies, but 
also
+expected to hold for other currency codes if an auditor is used.
+
+It must be possible to add a custom auditor, for example in case the wallet is
+outdated, someone is setting up an experimental deployment and wants to test
+it with the wallet, or simply to ensure that the user always has the last word
+about whom to trust.  Since adding custom auditors is dangerous and can be
+used to trick users into using malicious exchanges, this operation should be
+accompanied by appropriate warnings and security confirmations.
+
+Taler also supports regional currencies which are represented using currency
+codes between 4 and 12 letters.  These are not required to have an auditor.
+Regional currencies should be shown separate from real currencies in the
+wallet's balance sheet. If a regional currency does not have an auditor, its
+balance display in the user interface will be accompanied by their exchange's
+URL to allow for the fact that different regions or organisations may choose
+the same currency code, but use different and non-interoperable exchanges to
+handle the independent currencies.
+
+If a regional currency wants to use more than one exchange, it must use an
+auditor. In this case, operators must ensure that from the user's point of
+view, the coins of the different exchanges are interoperable.  If a regional
+exchange has an auditor, the regional currency code will be shown together
+with the URL of the auditor instead of the URL of the exchange.
+
+When withdrawing money from a regional currency exchange, the user should be
+made aware of the fact that the currency of the exchange is not "official".  A
+warning should be shown if a currency does not have an auditor or the auditor
+is not trusted by the users.  If the user expressed trust for a regional
+currency's auditor or a regional currency's exchange, no further warnings will
+be shown for the given currency.

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.

[Prev in Thread]

Current Thread

[Next in Thread]

[taler-docs] branch master updated: expanding on wallet exchange management, gnunet <=

Prev by Date: [taler-wallet-core] branch master updated: test cases
Next by Date: [taler-wallet-core] branch master updated: Add more checks to new withdrawal API test
Previous by thread: [taler-wallet-core] branch master updated: test cases
Next by thread: [taler-wallet-core] branch master updated: Add more checks to new withdrawal API test
Index(es):
- Date
- Thread