Re: [Taler] A newbie's questions about TALER


From: Özgür Kesim
Subject: Re: [Taler] A newbie's questions about TALER
Date: Mon, 18 Mar 2024 20:03:07 +0100

Hi Thomas,

great questions!  I can answer at least the questions re: age
restrictions (inlined).

Thus spake Bellebaum, Thomas (thomas.bellebaum@aisec.fraunhofer.de):

> ### Age restrictions...
> 
> This may be a cultural difference and is less technical critique, but having 
> grown up in Germany there are a few reasons I have to not support this 
> protocol:
> 
> - Effectiveness:
>   - If my child earns a few bucks doing work in my neighbour's garden (or any 
> other way) I do not get to set age restrictions on those coins unless I 
> control their entire wallet.

We already enforce a variant of withdraw with age-restriction, whenever
a reserve has a birthday associated with it.  In this case, the wallet
has to (ZK-)prove that it has the appropriate age restrictions set.  See
https://docs.taler.net/core/api-exchange.html#withdraw-with-age-restriction
for details.

Most wallets will have to go through a KYC process for their long-term
reserve, aka wallet, once, f.e. before they can receive peer-to-peer
payments, due to legal requirements (at least in Germany).
What we will introduce also, is the ability to transitively bind to
_another_ wallet the same KYC information, but allow to set a _lower_
birthday at the same time (making the wallet's owner _younger_).  This
allows, f.e., for a parent to set the associated birthday of the wallet
of the child.  The child can then receive funds via wire transfers or
peer-to-peer payments and age restriction will be enforced.  Also, note,
that age restricted coins withdrawn this way, will always accurately
reflect the child's age.

(See Draft https://docs.taler.net/design-documents/045-kyc-inheritance.html
for more details on this transitive KYC inheritance.)

>   - If I ever allow my child to buy something not for their age, I have to 
> give them unrestricted coins which they may then use for anything they like.

Not quite, you would have multiple options:  You could assist your child
during the withdraw process on their wallet and make sure it chooses the
"correct" age.  You could also generate and withdraw the coins yourself,
with appropriate age restriction set, on your wallet and pass the signed

> - Potential for misuse:
>   - As a real-world scenario, refugees in Germany currently are being 
> equipped with special bank cards restricting their use of their money. Age 
> restriction technology like this can trivially be adapted to make this 
> happen, at probably much lower costs. The proposed protocol also enforces 
> refugees to lay open their status as a refugee, opening them up to physical 
> threats.

We were very aware of this threat during design and implementation of
age-restriction.  From an abstract point of view, we simply bind
arbitrary data to the coins. This can be used to encode any information
and misused in ways you mentioned and many more such (see previous
discussions on this mailing list on that very topic).
FWIW, our implementation of age restriction in GNU Taler is quite
specific in its operation (signature verification in combination with
arithmetical comparisons), not generic.

But we should not forget our premise:  age restriction is already a
requirement at many online and offline stores, and right now requires
some form of disclosure of identity.  Our scheme provides a privacy
preserving option that society can choose to adopt.

> - Alternatives:
>   - I would actually prefer a digital solution (e.g. based on wallets) which 
> mimics the following scenario (e.g. using zero knowledge proofs): If my child 
> wants to buy a DVD not suitable for their age (let's be old-fashioned for a 
> moment ^^), I can write a statement saying that I am their parent and 
> explicitly allow this transaction.
>   - Note that the above is an even better fit to the principle of subsidiary, 
> since even with age restrictions it is the state setting age restrictions on 
> individual products, not me. One degree of freedom hardly fits all use cases.

Of course, (privacy preserving) identity management systems are also an
_additional_ option to implement age restriction, and there exist
proposals to make this in a privacy preserving manner, similar to your
description.

As you expressed so well: One degree of freedom hardly fits all use
cases, and I think it is good to provide _multiple_ options from which
society, merchants or individuals can choose, based on their needs and
other requirements.  For example, paying for an online game with
age-restricted coins might be fine and easy, but a liquor store will not
be allowed to sell hard liquor to your child, neither with a statement
of consent nor age-restricted coins.

> To some extent one could also argue that technical restrictions on a
> child are less effective than a good relationship to their parents.
> Especially since the protocol has to keep one thing in mind: A child
> has, as it gets older, an increasing desire (and quite literally
> right) to keep some privacy when it comes to their parents.

I fully agree.  And I think our solution to age restriction in GNU Taler
does not interrupt such a trustful relationship, as it allows the parent
to act out its trust by setting the birthday (on the child's wallet) or
the age restrictions (on coins) accordingly.

> If these points are not oversights, then what is the exact relation of a 
> "guardian" and "child" for which these protocols were designed? (E.g. is it 
> assumed that parents control their children's wallets/phones?)

The age-restriction as described in the paper does actually not go into
the details of how a guardian and a child would interact.  The protocol
defined there could be performed on the guardian's wallet (who would
withdraw coins with age restrictions and pass them on to the child
somehow) OR it could be performed on the child's wallet, with assistance
of the guardian who would make sure that the appropriate
age-restrictions were set for the withdrawal operation.

But as I described above, in the future, KYC-requirements and
transitive-KYC will bind birthday information to a wallet (aka long-term
reserve) and age-restriction will be enforced with (age-)withdraw. (If
age-restriction is actually enabled on the exchange, at all).

Hope this makes sense and clarifies some aspects.

Cheers,
Özgür
