[taler-docs] branch master updated: p2p issue discovered, resolution pro
From: |
gnunet |
Subject: |
[taler-docs] branch master updated: p2p issue discovered, resolution proposed |
Date: |
Tue, 22 Mar 2022 15:26:21 +0100 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository docs.
The following commit(s) were added to refs/heads/master by this push:
new b48976f p2p issue discovered, resolution proposed
b48976f is described below
commit b48976fdbee61d93bba9c091a4f1d499a163d0c6
Author: Christian Grothoff <grothoff@gnunet.org>
AuthorDate: Tue Mar 22 15:26:15 2022 +0100
p2p issue discovered, resolution proposed
---
core/api-common.rst | 45 ++++++++++++--------------
core/api-exchange.rst | 11 ++++---
design-documents/013-peer-to-peer-payments.rst | 35 ++++++++++++++++----
3 files changed, 55 insertions(+), 36 deletions(-)
diff --git a/core/api-common.rst b/core/api-common.rst
index 2390721..1e6362f 100644
--- a/core/api-common.rst
+++ b/core/api-common.rst
@@ -1207,8 +1207,6 @@ within the
};
-
-
.. _TALER_ReserveStatusRequestSignaturePS:
.. sourcecode:: c
@@ -1267,7 +1265,7 @@ within the
struct TALER_ReserveCloseRequestSignaturePS {
/**
- * purpose.purpose = TALER_SIGNATURE_RESERVE_CLOSE
+ * purpose.purpose = TALER_SIGNATURE_WALLET_RESERVE_CLOSE
*/
struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
};
@@ -1285,12 +1283,13 @@ within the
struct TALER_PurseRequestSignaturePS {
/**
- * purpose.purpose = TALER_SIGNATURE_PURSE_REQUEST
+ * purpose.purpose = TALER_SIGNATURE_WALLET_PURSE_CREATE
*/
struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
struct GNUNET_TIME_AbsoluteNBO purse_expiration;
struct TALER_AmountNBO merge_value_after_fees;
- struct TALER_PrivateContractHash h_contract_terms;
+ struct TALER_PrivateContractHashP h_contract_terms;
+ uint32_t min_age;
};
@@ -1303,9 +1302,7 @@ within the
*/
struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
struct TALER_AmountNBO coin_contribution;
- struct GNUNET_TIME_AbsoluteNBO purse_expiration;
- struct TALER_PursePublicKey purse_pub;
- struct TALER_PrivateContractHash h_contract_terms;
+ struct TALER_PursePublicKeyP purse_pub;
};
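Review bot: With `purse_expiration` and `h_contract_terms` removed, the signed payload in this hunk covers only `coin_contribution` and `purse_pub`, so the coin signature by itself no longer commits the payer to a particular contract or expiration. That binding now appears to rest entirely on the purse-key signature over `TALER_PurseRequestSignaturePS`, which is the key whose handling the Refinements section of the design document changes. I would document this dependency on the struct, e.g. `/* Contract hash and expiration are bound to purse_pub by the purse creation signature, not by this one. */`. The struct's opening lines are outside the hunk, so its name is assumed from the surrounding definitions.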
@@ -1319,9 +1316,9 @@ within the
struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
struct TALER_AmountNBO total_purse_amount;
struct TALER_AmountNBO total_deposit_fees;
- struct TALER_PursePublicKey purse_pub;
+ struct TALER_PursePublicKeyP purse_pub;
struct GNUNET_TIME_AbsoluteNBO purse_expiration;
- struct TALER_PrivateContractHash h_contract_terms;
+ struct TALER_PrivateContractHashP h_contract_terms;
};
.. _TALER_PurseMergeSignaturePS:
@@ -1329,15 +1326,11 @@ within the
struct TALER_PurseMergeSignaturePS {
/**
- * purpose.purpose = TALER_SIGNATURE_PURSE_MERGE
+ * purpose.purpose = TALER_SIGNATURE_WALLET_PURSE_MERGE
*/
struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
- struct TALER_ReservePublicKey reserve_pub;
struct GNUNET_TIME_AbsoluteNBO merge_timestamp;
- struct GNUNET_TIME_AbsoluteNBO purse_expiration;
- struct TALER_AmountNBO merge_value_after_fees;
- struct TALER_PrivateContractHash h_contract_terms;
- struct TALER_PaytoHash h_wire;
+ struct TALER_PaytoHashP h_wire;
};
@@ -1346,15 +1339,16 @@ within the
struct TALER_AccountMergeSignaturePS {
/**
- * purpose.purpose = TALER_SIGNATURE_ACCOUNT_MERGE
+ * purpose.purpose = TALER_SIGNATURE_WALLET_ACCOUNT_MERGE
*/
struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
- struct TALER_PursePublicKey purse_pub;
+ struct TALER_ReservePublicKeyP reserve_pub;
+ struct TALER_PursePublicKeyP purse_pub;
+ struct TALER_AmountNBO merge_amount_after_fees;
struct GNUNET_TIME_AbsoluteNBO merge_timestamp;
struct GNUNET_TIME_AbsoluteNBO purse_expiration;
- struct TALER_AmountNBO merge_value_after_fees;
- struct TALER_PrivateContractHash h_contract_terms;
- struct TALER_PaytoHash h_wire;
+ struct TALER_PrivateContractHashP h_contract_terms;
+ uint32_t min_age;
};
@@ -1366,12 +1360,13 @@ within the
* purpose.purpose = TALER_SIGNATURE_PURSE_MERGE_SUCCESS
*/
struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
- struct TALER_ReservePublicKey reserve_pub;
- struct TALER_PursePublicKey purse_pub;
+ struct TALER_ReservePublicKeyP reserve_pub;
+ struct TALER_PursePublicKeyP purse_pub;
struct TALER_AmountNBO merge_amount_after_fees;
struct GNUNET_TIME_AbsoluteNBO contract_time;
- struct TALER_PrivateContractHash h_contract_terms;
- struct TALER_PaytoHash h_wire;
+ struct TALER_PrivateContractHashP h_contract_terms;
+ struct TALER_PaytoHashP h_wire;
+ uint32_t min_age;
};
diff --git a/core/api-exchange.rst b/core/api-exchange.rst
index 03c9c23..203b1c9 100644
--- a/core/api-exchange.rst
+++ b/core/api-exchange.rst
@@ -3000,6 +3000,7 @@ Wallet-to-wallet transfers
Obtain information about a purse. The request header must
contain a *Purse-Request-Signature*. Endpoint used by
the party that did not create the purse.
+ TODO: maybe use POST to /purses/$PURSE_PUB/status instead?
**Request:**
@@ -3007,11 +3008,11 @@ Wallet-to-wallet transfers
:query merge_timeout_ms=NUMBER: *Optional.* If specified,
the exchange
- will wait up to ``timeout_ms`` milliseconds for completion
+ will wait up to ``NUMBER`` milliseconds for completion
of a merge operation before sending the HTTP response.
:query deposit_timeout_ms=NUMBER: *Optional.* If specified,
the exchange
- will wait up to ``timeout_ms`` milliseconds for completion
+ will wait up to ``NUMBER`` milliseconds for completion
of a deposit operation before sending the HTTP response.
:query contract=BOOLEAN: *Optional.* If 'false' is specified,
the exchange will not return the encrypted contract, saving
@@ -3143,7 +3144,7 @@ Wallet-to-wallet transfers
// EdDSA signature of the purse over a
// `TALER_PurseRequestSignaturePS`
- // of purpose ``TALER_SIGNATURE_PURSE_REQUEST``
+ // of purpose ``TALER_SIGNATURE_WALLET_PURSE_CREATE``
// confirming the key
// invariants associated with the purse.
// (amount, h_contract_terms, expiration).
@@ -3213,7 +3214,7 @@ Wallet-to-wallet transfers
ub_sig: DenominationSignature;
// Signature over `TALER_PurseDepositSignaturePS`
- // of purpose ``TALER_SIGNATURE_PURSE_DEPOSIT``
+ // of purpose ``TALER_SIGNATURE_WALLET_PURSE_DEPOSIT``
// made by the customer with the
// `coin's private key <coin-priv>`.
coin_sig: EddsaSignature;
@@ -3291,7 +3292,7 @@ Wallet-to-wallet transfers
// EdDSA signature of the purse over
// `TALER_PurseMergeSignaturePS` of
- // purpose ``TALER_SIGNATURE_PURSE_MERGE``
+ // purpose ``TALER_SIGNATURE_WALLET_PURSE_MERGE``
// confirming that the
// above details hold for this purse.
purse_sig: EddsaSignature;
diff --git a/design-documents/013-peer-to-peer-payments.rst
b/design-documents/013-peer-to-peer-payments.rst
index c44ab34..da4b4bb 100644
--- a/design-documents/013-peer-to-peer-payments.rst
+++ b/design-documents/013-peer-to-peer-payments.rst
@@ -376,6 +376,8 @@ In this protocol variant, the payer is initiating the
process.
3. The payer shares the purse's private key and the base URL
of the exchange where the purse was created with the payee.
This can be done using a ``taler://purse/$BASE_URL/$PURSE_PRIV`` URL.
+ The chapter on ``Refinements'' below clarifies why this
+ step is not quite OK and was modified when implementing the design.
4. The payee uses the new ``/purse/$PURSE_PUB`` endpoint to retrieve
the encrypted contract (if available) and purse balance, which includes all
(coin) deposits and **merges** involving the purse.
@@ -703,7 +705,6 @@ database.)
(merge_request_serial_id BIGSERIAL UNIQUE
,reserve_uuid BYTEA NOT NULL REFERENCES reserves (reserve_uuid) ON DELETE
CASCADE
,partner_serial_id INT8 REFERENCES partners(partner_serial_id) ON DELETE
CASCADE,
- ,reserve_url TEXT NOT NULL,
,reserve_pub BYTEA NOT NULL CHECK (LENGTH(reserve_pub)=32),
,purse_pub BYTEA NOT NULL CHECK (LENGTH(purse_pub)=32),
,reserve_sig BYTEA NOT NULL CHECK (LENGTH(reserve_sig)=64))
@@ -721,8 +722,6 @@ database.)
IS 'identifies the reserve';
COMMENT ON COLUMN mergers.partner_serial_id
IS 'identifies the partner exchange, NULL in case the target reserve lives
at this exchange';
- COMMENT ON COLUMN mergers.reserve_url
- IS 'payto://-URL of the reserve, identifies the exchange and the reserve';
COMMENT ON COLUMN mergers.reserve_pub
IS 'public key of the target reserve';
COMMENT ON COLUMN mergers.purse_pub
@@ -821,7 +820,6 @@ database.)
CREATE TABLE IF NOT EXISTS purse_deposits
(purse_deposit_serial_id BIGSERIAL UNIQUE
,purse_pub BYTEA NOT NULL CHECK (LENGTH(purse_pub)=32),
- ,purse_expiration INT8 NOT NULL
,coin_pub BYTEA NOT NULL REFERENCES known_coins (coin_pub) ON DELETE CASCADE
,amount_with_fee_val INT8 NOT NULL
,amount_with_fee_frac INT4 NOT NULL
@@ -832,8 +830,6 @@ database.)
IS 'Requests depositing coins into a purse';
COMMENT ON COLUMN purse_deposits.purse_pub
IS 'Public key of the purse';
- COMMENT ON COLUMN purse_deposits.purse_expiration
- IS 'When the purse is set to expire';
COMMENT ON COLUMN purse_deposits.coin_pub
IS 'Public key of the coin being deposited';
COMMENT ON COLUMN purse_deposits.amount_with_fee_val
@@ -1071,6 +1067,33 @@ Aside from implementation complexity, the solution has
the following drawbacks:
as the wallet software can trivially ensure that a backup was made of the
account private key before initiating the KYC process.
+
+Refinements
+===========
+
+In the original design, a payer making a payment offer sends the purse private
+key to the payee, so that the payee can sign the merge request with it. This
+creates a security issue, as theoretically the payee could sign a different
+contract with the purse private key, and conspire with the exchange to replace
+the original contract. In this case, the payer would be making a payment to
+the "wrong" contract, and have no proof of the exchange an payee conspiring
+against it.
+
+A simple fix seems possible: instead of having simply one public-private key
+pair for a purse, we have a PayerContractKey and a PurseMergeKey pair. The
payer
+would pay into a purse identified by the PayerContractKey and associate a
+PurseMergeKey with the purse. The payer can then safely share the
+PayeeMergeKey with the payee, as it is ONLY useful for the merge and not to
+sign the contract. Payments would be made into a purse identified by the
+PurseContractKey.
+
+When payments flow in the other direction, the split of the keys seems
+unnecessary (as only a public key is transmitted anyway. However, schema-wise,
+signing the contract with the PurseContractKey and the merge with the
+PurseMergeKey would still work. Only the public PurseContractKey would need
+to be sent to the payer.
+
+
Q / A
=====
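Review bot: The added Refinements section uses four names for what it describes as two key pairs: it introduces `PayerContractKey` and `PurseMergeKey`, then says the payer shares the `PayeeMergeKey` and that payments go into a purse identified by the `PurseContractKey`. Because the section exists to state which private key may leave the payer, I would use one pair of names throughout, for example `PurseContractKey` and `PurseMergeKey`, and say explicitly that only the merge private key is shared. The step 3 hunk earlier in this file still shows `taler://purse/$BASE_URL/$PURSE_PRIV`, so it would help to state there which key that URL carries after the split. Two wording fixes in the same section: `the exchange an payee` should read `the exchange and payee`, and the parenthesis opened at `(as only a public key is transmitted anyway.` is never closed.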
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.