Re: [Taler] Hello

[Christian Grothoff]

On 12/05/2016 05:45 PM, Joerg Baach wrote:
>> > No, as the refresh will convert the unusual reminder into many small
>> > coins of more canonical denominations, i.e. if the reminder is 3.1415,
> But the issuer/exchange would still get some information, e.g. if the
> merchant deposited a value of 6.8584, and somebody shows up wanting to
> refresh 3.1415, these two participants are somewhat likely to have
> participated in the same transaction. I know, TOR might help.

Exactly, as Jeff pointed out, either the refresh has to be transmitted
via the merchant (NFC) or via an anonymous channel (i.e. Tor).

>> > behalf.  Also, in the ordinary course of the protocol, the merchant
>> > should sign a response saying that he received the payment "in good
>> > order", which further shortcuts any discussions about the validity.
> Ok, so is it the customers responsibilty to find a way to link the
> merchants key to the legal entity of the merchant, or is it the exchange
> who signed the merchants key?

Once Ed25519 keys are properly supported by X.509 (IETF draft exists),
the plan is that the merchant's public key is authenticated the same way
that the Web site itself is, namely X.509.  The Wallet is ultimately
supposed to find it in the X.509 certificate it got via TLS.

However, how to do this in a meaningful way for NFC is an open problem.
But of course the risk that the merchant may fail to fulfill the
contract is minimal for an in-person purchase anyway, so likely this
"problem" just does not need to be solved.

signature.asc
Description: OpenPGP digital signature