[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Taler] mint base URL subtleties
|
From: |
Florian Dold |
|
Subject: |
Re: [Taler] mint base URL subtleties |
|
Date: |
Sat, 12 Dec 2015 18:10:10 +0100 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.4.0 |
On 12/12/2015 05:54 PM, Christian Grothoff wrote:
> On 12/12/2015 05:08 PM, Florian Dold wrote:
>> On Dec 11, 2015 23:52, "Christian Grothoff" <address@hidden> wrote:
>>>
>>> Tricky. How do you know it should be http://, and not https://? I think
>>> if we don't do 1a, then at least we should default to https. Asking a
>>> mint to run https or fail on auto-completion is better than using http
>>> with a mint that does offer https.
>>
>> Sure, I agree. A fancier mint could even probe for https and fall back to
>> http.
>
> No, that would enable a downgrade attack.
Sure, we can be extra conservative here.
>> This makes kinda sense, as long as the fancy version of the wallet offers
>> to merge mints with different URLs but the same key.
>
> Why? "merging" would not change anything, except us fetching /keys twice
> and us offering two mints in the list of all mints to the user.
It makes sense from a UX perspective. A user is likely to be very
confused if they view details for a mint in the wallet and it looks like
all their reserves/coins are gone, when in fact they're just in a
"different" mint with an extra/missing "s".
- Florian