diff options
| author | Christian Grothoff <christian@grothoff.org> | 2020-07-14 21:10:55 +0200 |
|---|---|---|
| committer | Christian Grothoff <christian@grothoff.org> | 2020-07-14 21:10:55 +0200 |
| commit | ef0eb9e5bf1f0ff18c498e9e7882f75aa7a2576c (patch) | |
| tree | 7e2eb6f0063de99ec983c3f835e6627951c1268c /doc | |
| parent | 62d5aae1198e7e8374470539e19a112593fb0b2b (diff) | |
improve documentation on which invariants are checked by which auditor helper
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/system/taler/design.tex | 2 | ||||
| -rw-r--r-- | doc/system/taler/implementation.tex | 26 |
2 files changed, 17 insertions, 11 deletions
diff --git a/doc/system/taler/design.tex b/doc/system/taler/design.tex index 3590b8fb1..de91daa13 100644 --- a/doc/system/taler/design.tex +++ b/doc/system/taler/design.tex @@ -555,7 +555,7 @@ security of an exchange as part of the certification process. -\subsubsection{Compromise of Signing Keys} +\subsubsection{Compromise of Signing Keys} \label{sec:signkey:compromise} When a signing key is compromised, the attacker can pretend to be a merchant and forge deposit confirmations. To forge a deposit diff --git a/doc/system/taler/implementation.tex b/doc/system/taler/implementation.tex index 4bed97fd1..973e97894 100644 --- a/doc/system/taler/implementation.tex +++ b/doc/system/taler/implementation.tex @@ -1056,23 +1056,29 @@ auditor. The list of invariants checked by this tool thus includes: \begin{itemize} -\item emergency on denominations because the value or number +\item Testing for an + emergency on denominations because the value or number of coins deposited exceeds the value or number of coins issued; if this happens, the exchange should revoke the respective denomination. -\item various arithmetic inconsistencies from exchanges +\item Checking for arithmetic inconsistencies from exchanges not properly calculating balances or fees during the various coin operations (withdraw, deposit, melt, refund); -\item signatures being wrong for denomination key revocation, - coin denomination signature, - or coin operations (deposit, melt, refund, recoup) -\item denomination keys not being known to the auditor -\item denomination keys being actually revoked if a recoup - is granted -\item coins being melted but not (yet) recouped +\item That signatures are correct for denomination key revocation, + coin denominations, + and coin operations (deposit, melt, refund, recoup) +\item That denomination keys are known to the auditor. +\item That denomination keys were actually revoked if a recoup + is granted. +\item Whether there exists refresh sessions from coins that + have been melted but not (yet) revealed (this can be harmless and no fault of the exchange, but could also be indicative of an exchange failing to process - certain requests in a timely fashion) + certain requests in a timely fashion). +\item That the refund deadline is not after + the wire deadline (while harmless, such a deposit + makes inconsistent requirements and should have been + rejected by the exchange). \end{itemize} |