[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Taler] denomination manipulation
|
From: |
Jeff Burdges |
|
Subject: |
Re: [Taler] denomination manipulation |
|
Date: |
Sun, 06 Dec 2015 20:12:37 +0100 |
I cleared this up with Christian when we chatted in person.
We agree that denomination manipulation attacks exist of course, but I
hadn't understood one important point that mitigates them in practice:
The wallet needs to cache /keys lookups anyways since verifying the
auditor signatures is overhead we do not want to pay frequently. I'd
interpreted Christian's comments as saying that browser caching
imparted some security to /keys lookups, which is false.
Also, we agree that denomination manipulation attacks depend upon
explicit integration between the bank and the mint, meaning either the
tight integration where the bank is the mint, or a looser integration
where the bank forwards the user to the mint to do their withdrawal.
If there is no integration, like in our current plans, then afaik TBB
should use different circuits, cookies, etc. for the mint and bank, so
the user should be okay even if they visit the bank first and then
immediately visit the mint. If we gain an integration partner, then we
simply need to ensure that wallets track their /keys state
independently of user activity. We want almost that anyways since
wallets need to refresh coins periodically.
Jeff
On Sat, 2015-12-05 at 18:08 +0100, Christian Grothoff wrote:
> Please don't forget to reply to yourself on the Taler list about
> /keys...
signature.asc
Description: This is a digitally signed message part