Re: [Taler] denomination manipulation


From: Christian Grothoff
Subject: Re: [Taler] denomination manipulation
Date: Fri, 27 Nov 2015 08:01:54 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Icedove/38.3.0

On 11/27/2015 01:48 AM, Jeff Burdges wrote:
> Along this line, there is a partial protection against this attack:
> Merchants should always publish the hash of the signed full list of
> denominations they accept from a particular mint, or maybe the full
> list itself.  And wallets should refuse to work with merchants whose
> list does not appear familiar, even if acceptable denominations exist
> in their list.  

That would make merchants significantly more complex and cost
significant additional bandwidth, and that at a time where performance
is critical.

Also, I don't think it helps/works.
(1) as I said, downloading /keys with anonymity is good enough.
(2) there is no "full list", as the keys do legitimately change
    over time (as old ones expire, new ones are added).  So it
    is in fact possible that they do not match 100%. Which means
    it becomes very hard to define when to reject. And a 99% match
    may theoretically be deadly (if the user got the 1 bad
    self-identifying key in it), while I would expect with key
    rotation a 95% match is perfectly natural. So you can't
    even do this.


