[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Taler] repurchase detection
|
From: |
Florian Dold |
|
Subject: |
Re: [Taler] repurchase detection |
|
Date: |
Fri, 19 Feb 2016 17:26:35 +0100 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.5.1 |
On 02/19/2016 04:13 PM, Christian Grothoff wrote:
> On 02/19/2016 02:00 PM, Florian Dold wrote:
>> Should we use the hostname of the fulfillment URL? The hostname of the
>> site that offered the contract (with taler-confirm-contract) in the
>> first place? What if the merchant's hostname changes?
>
> It's much simpler. The contract proposals are signed by the merchant's
> public key, so just include the merchant's public key.
Hmm. That makes the assumption that the merchant has only one key.
This is true in the current implementation, but we should make it clear
that we make this assumption and that the repurchase detection mechanism
won't work anymore if the merchant rotates keys.
What will happen more often, merchants changing their shop domain or
merchants rotating keys?
>> Should we let the user know that it's a re-purchase? Should they have
>> the ability to say "no, I really want to pay for it again"?
>
> If a re-purchase makes sense, then the fulfillment page of the merchant
> should have a "re-purchase" button that gives the wallet another
> contract with a different correlation ID. As re-purchase really never
> makes sense for media (image, pdf, video), the fulfillment page will be
> HTML and so placing such a button is trivial for the merchant.
That's a good solution, I agree.
- Florian
signature.asc
Description: OpenPGP digital signature