Re: [Taler] denomination manipulation


From: Christian Grothoff
Subject: Re: [Taler] denomination manipulation
Date: Sat, 28 Nov 2015 12:43:54 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Icedove/38.3.0

1) RESTful API with 'GET' over HTTP implies that HTTP cache control
   is always a possibility; for /keys, this was made an explicit
   requirement a month ago:
   https://gnunet.org/bugs/view.php?id=4036
   (we tend to update the spec based on what is implemented)

2) The fact that denomination keys change over time is ancient and
   part of basic operations; while we don't have a mint operator's
   manual listing procedures explicitly, the feature is documented:
   https://gnunet.org/bugs/view.php?id=3634
   man taler-mint-keyup

So the question is more what you consider "the spec": man pages? Bug
reports on missing features? Or just api.taler.net (where yes, there I
think it is not yet explicit, pending #4036's resolution).

On 11/28/2015 05:22 AM, Jeff Burdges wrote:
> Alright, I'll grant that, if /keys actually auto-updates for say the
> mints for which the wallet holds coins, then over time the majority of
> /keys accesses will not be correlated to web page activity.  I believe
> that this should be enough to protect *existing* users against
> denomination manipulation attacks.*
> 
> This is NOT a part of the spec though, neither is caching of /keys.
> You're wrong to complain that I'm highlighting these issues.


