[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Taler] denomination manipulation
|
From: |
Sree Harsha Totakura |
|
Subject: |
Re: [Taler] denomination manipulation |
|
Date: |
Sat, 28 Nov 2015 17:35:19 +0100 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0 |
On 11/28/2015 05:22 AM, Jeff Burdges wrote:
> Wallets do not just randomly perform /keys requests of all taler
> mints in existence. Wallets must make /keys queries in response to
> an HTML page that alerts them to a new mint. A priori, there is
> every reason to expect them to do this for old mints too, as Taler
> is mostly RESTful. An adversary controls that HTML page.
I guess there is a misunderstanding here. The wallets are not supposed
to add a mint just because a merchant webpage has provided a payment
option supported through that mint. The mint should be added by the
user into the wallet long before the user wants to use wallet. For this
reason, the wallet will never add an unknown mint automatically. This
action cannot be triggered without user involvement at the wallet.
The wallet *may* alert the user that the merchant is using a mint which
is not configured in the wallet. Then, if the user adds that mint to
his wallet, the wallet then accesses the /keys of that mint and here
there is weak possibility that your correlation based attack can happen,
even though the user request comes through Tor. (Note that, if any other
party access the mint in this short time, the fraud of the mint can be
discovered.) However, this can be avoided by a warning in the wallet.
Moreover, we envision that there will be a small number of mints with
good reputation and hence gain widespread usage. The details of these
mints could be, as Florian said, published in newspapers, as QR codes in
advertisements, etc. The user after installing the wallet (the wallet
*may* come with a default mint pre-configured) configures a mint of his
choice, then creates a reserve and once the reserve is created,
withdraws coins. Only then is the wallet ready to be used to pay merchants.
You may also note that, for a user to pay at a merchant, the wallet
solely limits its interaction to the merchant. A precondition to
successfully pay the merchant is that the wallet has enough coins from a
mint which the merchant supports. It DOES NOT need to contact the mint
at this point.
Hope this clarifies.
Regards,
Sree
- Re: [Taler] denomination manipulation, (continued)
- Re: [Taler] denomination manipulation, Christian Grothoff, 2015/11/26
- Re: [Taler] denomination manipulation, Jeff Burdges, 2015/11/26
- Re: [Taler] denomination manipulation, Christian Grothoff, 2015/11/27
- Re: [Taler] denomination manipulation, Jeff Burdges, 2015/11/27
- Re: [Taler] denomination manipulation, Florian Dold, 2015/11/27
- Re: [Taler] denomination manipulation, Christian Grothoff, 2015/11/27
- Re: [Taler] denomination manipulation, Christian Grothoff, 2015/11/26
Re: [Taler] denomination manipulation, Jeff Burdges, 2015/11/27