0004841: Mitigate per-user DK set

ID	Project	Category	View Status	Date Submitted	Last Update

0004841	Taler	exchange	public	2016-12-16 10:04	2017-10-23 10:45

Reporter	Marcello Stanisci	Assigned To	Christian Grothoff
Priority	normal	Severity	feature	Reproducibility	have not tried
Status	closed	Resolution	won't fix
Product Version	git (master)
Target Version	0.5	Fixed in Version	0.1

Summary	0004841: Mitigate per-user DK set
Description	Possible use of the signature of the cumulative hash of all DKs, namely the 'eddsa_sig' field sent along in the /keys response: (2) Different keys per-user is obviously a crucial attack, and this signature allows one to collect _proof_ of the attack. But is this really enough to prevent it? In practice, we probably need to have some real "monitoring" of /keys that can be easily continuously executed by 3rd parties to keep the exchange honest. Future work...
Tags	No tags attached.

Date Modified	Username	Field	Change
2016-12-16 10:04	Marcello Stanisci	New Issue
2016-12-16 10:04	Marcello Stanisci	Status	new => assigned
2016-12-16 10:04	Marcello Stanisci	Assigned To	=> Christian Grothoff
2017-03-02 07:58	Christian Grothoff	Assigned To	Christian Grothoff =>
2017-03-02 07:58	Christian Grothoff	Severity	minor => feature
2017-03-02 07:58	Christian Grothoff	Status	assigned => confirmed
2017-03-02 07:58	Christian Grothoff	Description Updated
2017-10-23 10:45	Christian Grothoff	Assigned To	=> Christian Grothoff
2017-10-23 10:45	Christian Grothoff	Status	confirmed => closed
2017-10-23 10:45	Christian Grothoff	Resolution	open => won't fix
2017-10-23 10:45	Christian Grothoff	Product Version	=> git (master)
2017-10-23 10:45	Christian Grothoff	Fixed in Version	=> 0.1
2017-10-23 10:45	Christian Grothoff	Target Version	=> 0.5
2017-10-23 10:45	Christian Grothoff	Note Added: 0012507

Christian Grothoff 2017-10-23 10:45 manager ~0012507	This is some far-off theoretical feature, no need to worry about it for a long time, closing for now.