View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0005972 | Taler | libeufin-nexus | public | 2019-11-18 19:28 | 2023-12-23 17:02 |
Reporter | Marcello Stanisci | Assigned To | |||
Priority | normal | Severity | minor | Reproducibility | have not tried |
Status | acknowledged | Resolution | open | ||
Target Version | post-1.0 | ||||
Summary | 0005972: Avoid sending signed data before key exchange | ||||
Description | The Nexus should check if their keys were accepted by the bank (via INI / HIA) before performing any operation using those. This is useful because some banks may simply respond "signature invalid" without telling what the real cause is. | ||||
Tags | No tags attached. | ||||
|
This happens here [1] for example, where the 'makeEbicsHpbRequest()' function just makes the message without checking the state of the key used to sign the message. But possibly, this is not a real problem. If errors are nicely reported, then the user will be correctly warned about the impossibility of the attempted operation. [1] https://git.taler.net/libeufin.git/tree/nexus/src/main/kotlin/tech/libeufin/nexus/Main.kt?id=4f0af79c3cde2b71f8a3607d5310aaf375d011eb#n87 |
|
This can be closed after testing how Postfinance reacts to such a scenario, but using keys that were never shared with the bank should be avoided. |
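
An added sketch of the check this issue asks for, in Kotlin (the language of the linked Main.kt); it is not libeufin code. All type and function names are hypothetical, and the mapping of operations to the INI / HIA exchanges they depend on is an assumption made for the example.

```kotlin
// Added example: every name here is hypothetical, not libeufin's API.
enum class KeyExchange { INI, HIA }
enum class ExchangeState { NOT_SENT, SENT, ACCEPTED }

// Assumed mapping: key exchanges that must be accepted before an operation is signed.
enum class Operation(val requires: Set<KeyExchange>) {
    HPB(setOf(KeyExchange.HIA)),
    UPLOAD(setOf(KeyExchange.INI, KeyExchange.HIA))
}

class KeysNotAcceptedException(message: String) : IllegalStateException(message)

class SubscriberKeyStatus {
    private val states = mutableMapOf(
        KeyExchange.INI to ExchangeState.NOT_SENT,
        KeyExchange.HIA to ExchangeState.NOT_SENT
    )

    // Record the outcome of an INI / HIA request; ACCEPTED is never downgraded.
    fun record(exchange: KeyExchange, bankAccepted: Boolean) {
        if (states[exchange] == ExchangeState.ACCEPTED) return
        states[exchange] = if (bankAccepted) ExchangeState.ACCEPTED else ExchangeState.SENT
    }

    // Refuse locally and name the real cause, rather than sending a signed
    // request that the bank may only answer with "signature invalid".
    fun requireReadyFor(op: Operation) {
        val missing = op.requires.filter { states[it] != ExchangeState.ACCEPTED }
        if (missing.isNotEmpty()) {
            val detail = missing.joinToString { "$it is ${states[it]}" }
            throw KeysNotAcceptedException("refusing to sign $op request: $detail")
        }
    }
}

fun main() {
    val status = SubscriberKeyStatus()
    status.record(KeyExchange.HIA, bankAccepted = true)
    status.requireReadyFor(Operation.HPB)        // passes: HIA was accepted
    try {
        status.requireReadyFor(Operation.UPLOAD) // fails: INI was never sent
    } catch (e: KeysNotAcceptedException) {
        println(e.message)
    }
}
```

A request builder would call `requireReadyFor()` before signing, so the user sees which key exchange is outstanding.
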
Date Modified | Username | Field | Change |
---|---|---|---|
2019-11-18 19:28 | Marcello Stanisci | New Issue | |
2020-05-15 19:19 | Marcello Stanisci | Note Added: 0015917 | |
2020-05-15 19:19 | Marcello Stanisci | Assigned To | => Marcello Stanisci |
2020-05-15 19:19 | Marcello Stanisci | Status | new => feedback |
2020-11-10 12:07 | MS | Target Version | => 0.9.2 |
2020-11-10 16:26 | MS | Target Version | 0.9.2 => 0.9.3 |
2023-04-11 11:14 | MS | Note Added: 0020067 | |
2023-04-11 11:22 | MS | Note Edited: 0020067 | |
2023-04-11 11:24 | MS | Status | feedback => assigned |
2023-04-11 11:25 | MS | Status | assigned => acknowledged |
2023-04-13 20:26 | Florian Dold | Project | libeufin => Taler |
2023-04-13 20:26 | Florian Dold | Category | nexus => General |
2023-04-13 21:31 | Florian Dold | Category | General => libeufin-nexus |
2023-06-29 12:07 | MS | Target Version | 0.9.3 => post-1.0 |
2023-09-03 18:23 | Christian Grothoff | Assigned To | Marcello Stanisci => MS |
2023-12-23 17:02 | Christian Grothoff | Assigned To | MS => |