aboutsummaryrefslogtreecommitdiff
path: root/doc/audit
diff options
context:
space:
mode:
authorFlorian Dold <florian@dold.me>2020-12-27 19:45:32 +0100
committerFlorian Dold <florian@dold.me>2020-12-27 19:45:32 +0100
commit7536ffce798aa6d9c81207eaaf91a3cb4db6ad2a (patch)
tree778abdd0deb1e50c318e7d274051fead872a8213 /doc/audit
parente550acf5779f8b5da31bc97b35f77ff3f1935c0b (diff)
audit response: minor clarifications
Diffstat (limited to 'doc/audit')
-rw-r--r--doc/audit/response-202012.tex19
1 files changed, 10 insertions, 9 deletions
diff --git a/doc/audit/response-202012.tex b/doc/audit/response-202012.tex
index 97d8a0ce9..90bd59544 100644
--- a/doc/audit/response-202012.tex
+++ b/doc/audit/response-202012.tex
@@ -209,13 +209,14 @@ section ``Exchange crypto helper design'' at \url{https://docs.taler.net/} of
Chapter 12.
{\bf Update:} In doing so, we also added a new type of signing key, the
-``security module'' signing key. This is used by the newly separated processes
-to sign the public keys that they guard the private keys for. The security
-module signatures are verified by the new ``taler-exchange-offline`` tool to
-ensure that even if the exchange process is compromised, we do not sign keys
-into existence that did not originate from the security module(s). The
-security module public keys can be given in the configuration, or are learned
-TOFU-style.
+``security module'' signing key. This is used by the newly separated ``security
+module`` processes to sign the public keys that they guard the private keys
+for. The security module signatures are verified by the new
+``taler-exchange-offline`` tool to ensure that even if the {\tt
+taler-exchange-httpd} process is compromised, the offline signature tool would
+refuse to sign new public keys that do not originate from the security
+module(s). The security module public keys can be given in the configuration,
+or are learned TOFU-style.
\subsection{File system access}
@@ -234,9 +235,9 @@ We have started to better document the operational requirements on running the
auditor.
{\bf Update:} On the exchange side, we have now moved additional information
-into the database, in particular information about offline signatures
+from the file system into the database, in particular information about offline signatures
(including key revocations) and wire fees. This simplifies the deployment and
-the interaction with the offline key. The remaining disk accesses are for
+the interaction with offline key signing mechanism. The remaining disk accesses are for
quite fundamental configuration data (which ports to bind to, configuration to
access the database, etc.), and of course the program logic itself.