Re: [Taler] wallet exchange management

[Christian Grothoff]

On 4/8/20 9:59 PM, Torsten Grote wrote:
>> Here's an interesting error case:  What if the exchange and wallet
>> disagree about the auditorBaseUrl and/or auditorName for the same
>> auditorPub?  Will this inconsistency be reported?  Will we just use the
>> auditor public key and ignore the rest?
> I still consider myself rather new to Taler and miss a lot of
> information, but this sounds like we should reject a new exchange if it
> presents inconsistent auditor information.

Not really, an exchange may have had one auditor in the past and might
be transitioning to another for the future. The wallet may trust the
old, the new or both, and should act accordingly. Business-wise it could
be necessary to drop an old auditor (say if the auditor was unqualified
or went out of business), so requiring all denominations to always have
exactly the same set of auditors just doesn't work in the real world IMO.

> Side question: shouldn't auditor information be signed with the
> auditor's private key that corresponds to auditorPub? This wouldn't
> prevent inconsistent information, but at least we know that the auditor
> is to blame for them.

Of course the auditor information is signed with the auditor's key. For
me, inconsistency is if some denominations are signed with auditor A,
others with auditor B and others with A and B (or C). Signatures that
are invalid should simply be reported/discarded, so entries where the
auditor's signature is not valid count *at best* as 'no auditor' (I
would probably rather go as far as to consider that a hard protocol
violation and then we refuse to deal with the exchange).

>> By "active" I mean that this exchange should show up in the list of
>> choices when doing a withdrawal.  Otherwise, every exchange the wallet
>> ever used will be in this list.
> Should we maybe list all exchanges we have available for the currency in
> question and if one can't be used disable selection in the UI along with
> a reason?

That is in line with what I was thinking.

>> Ah "default exchange", again something else that we are implicitly
>> mentioning, but that's not part of any API yet.
> When doing "getWithdrawDetailsForUri" without a "selectedExchange", it
> could just use the default one.
> 
> However, when we other a dedicated exchange management UI, it *might* be
> useful to see which is default and change the default there.

I'd even try to (re)use the same dialog (see my other mail). Good to
show users something they are familiar with, and the dialog can probably
work well for both.

> We could leave this out for now until we find a fee summary solution. Or
> could this be a simple boolean indicating whether the exchange has a
> sane fee structure or not?

Let's first find out if we can even define 'sane fee structure', then we
can figure out how to explain users the case of insanity ;-).

> Would the earliest coin expiration of interest in that list as well?

Yes.

signature.asc
Description: OpenPGP digital signature