[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Taler] denomination manipulation
|
From: |
Christian Grothoff |
|
Subject: |
Re: [Taler] denomination manipulation |
|
Date: |
Fri, 27 Nov 2015 07:56:30 +0100 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Icedove/38.3.0 |
On 11/27/2015 01:40 AM, Jeff Burdges wrote:
> On Thu, 2015-11-26 at 19:25 +0100, Christian Grothoff wrote:
>> On 11/26/2015 03:14 PM, Jeff Burdges wrote:
>>> Also, we're offering the /keys API call under the same domain as
>>> other
>>> mint functions, so the mint knows the user's identity when they
>>> offer
>>> this information, and they would anyways if they've few customers.
>>
>> Eh, how? The wallet can (and should) access /keys via Tor.
>
> If the wallet does not cache the denomination keys then you'll have
> access to the session cookies of Tor Browser. If the Tor Browser user
> is paranoid enough to disable even session cookies, which probably
> breaks all shopping anyways, then you can make an educated guess based
> upon traffic and their exit node or the preceding hop in the circuit.
1) well-behaved Mint's don't set/use session cookies; thus:
2) we can certainly disable them client-side for this connection, which
is not the normal connection of the client via the browser window,
but really an administrative operation of the wallet hidden from the
end-user.
3) are you confusing shopping with grabbing /keys? The two happen
at very different times. Shopping often uses sessions, Taler mint
interactions never do.
> If the wallet does cache the denomination keys,
It also does that, yes. Or at least is supposed to eventually -- I don't
think it does today. But more as an optimization.
> then you need to make
> them to login before your web page informs the wallet that it's
> visiting a mint.
First of all, this one is expected to happen rarely.
I agree with you that if one were to browse the web non-anonymously to
find a mint, and does not permit enough delay to obtain good anonymity
before downloading its keys, the mint may conspire with the auditor and
hand out specialized sets of denomination keys to deanonymize users later.
But that's just all you have here: yes, downloading /keys in particular
already requires doing so anonymously.
- Re: [Taler] denomination manipulation, (continued)
- Re: [Taler] denomination manipulation, Florian Dold, 2015/11/26
- Re: [Taler] denomination manipulation, Jeff Burdges, 2015/11/26
- Re: [Taler] denomination manipulation, Christian Grothoff, 2015/11/26
- Re: [Taler] denomination manipulation, Jeff Burdges, 2015/11/26
- Re: [Taler] denomination manipulation, Jeff Burdges, 2015/11/26
- Re: [Taler] denomination manipulation, Sree Harsha Totakura, 2015/11/26
- Re: [Taler] denomination manipulation, Jeff Burdges, 2015/11/26
- Re: [Taler] denomination manipulation, Christian Grothoff, 2015/11/27
- Re: [Taler] denomination manipulation, Christian Grothoff, 2015/11/26
- Re: [Taler] denomination manipulation, Jeff Burdges, 2015/11/26
- Re: [Taler] denomination manipulation,
Christian Grothoff <=
- Re: [Taler] denomination manipulation, Jeff Burdges, 2015/11/27
- Re: [Taler] denomination manipulation, Florian Dold, 2015/11/27
- Re: [Taler] denomination manipulation, Christian Grothoff, 2015/11/27
- Re: [Taler] denomination manipulation, Christian Grothoff, 2015/11/26
Re: [Taler] denomination manipulation, Jeff Burdges, 2015/11/27