[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Taler] repurchase detection

From: Christian Grothoff
Subject: Re: [Taler] repurchase detection
Date: Fri, 19 Feb 2016 17:33:05 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Icedove/38.5.0

On 02/19/2016 05:26 PM, Florian Dold wrote:
> On 02/19/2016 04:13 PM, Christian Grothoff wrote:
>> On 02/19/2016 02:00 PM, Florian Dold wrote:
>>> Should we use the hostname of the fulfillment URL?  The hostname of the
>>> site that offered the contract (with taler-confirm-contract) in the
>>> first place?  What if the merchant's hostname changes?
>> It's much simpler. The contract proposals are signed by the merchant's
>> public key, so just include the merchant's public key.
> Hmm.  That makes the assumption that the merchant has only one key.
> This is true in the current implementation, but we should make it clear
> that we make this assumption and that the repurchase detection mechanism
> won't work anymore if the merchant rotates keys.
> What will happen more often, merchants changing their shop domain or
> merchants rotating keys?

Merchants that change the key are in pains on various fronts:
1) tracking requires the key
2) refunds require the key
3) bookmarks would now also require a stable key

Anyway, except due to key compromise, I cannot quite see a reason for
rotating this key much, and then the merchant simply needs a strategy to
manage his keys and associated contracts.  But like when the merchant
changes hosts, there are things we cannot fix.  However, at least with
this we don't start to depend on DNS ;-).

Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]