View Issue Details

ID: 0007304
Project: Taler
Category: exchange
View Status: public
Last Update: 2022-10-20 11:41
Reporter: Christian Grothoff
Assigned To:
Priority: low
Severity: tweak
Reproducibility: N/A
Status: feedback
Resolution: open
Platform: i7
OS: Debian GNU/Linux
OS Version: squeeze
Product Version: git (master)
Summary: 0007304: should we normalize payto://-URIs in the exchange before hashing?
Description: We use the h_payto to re-identify accounts during KYC. It is used as the sharding key, and also in the protocol. In _most_ places (except for the GET /deposits/, where the client is really expected to already know the h_payto) the exchange now does return it to the client, so the client doesn't have to compute the hash itself. Still, normalization will make it "easier" to not accidentally re-require the (expensive) KYC process when little things have changed, such as a BIC in an 'iban' URI or capitalization of hostnames (x-taler-bank) or similar small shitty changes that don't matter (including possibly the 'receiver-name' as set by LibEuFin).

Whether to normalize and how is an open question. Where is pretty clear: the payto-uri hashes are all computed in libtalerutil in one function.
Tags: No tags attached.

Activities

Christian Grothoff

2022-08-23 10:29

manager   ~0019025

Conclusion of the discussion has been that the only component that should normalize is the merchant (spa/backoffice) before hashing the payto://-URI and sending it to the exchange for payment.

Christian Grothoff

2022-08-23 10:31

manager   ~0019026

We should discuss which normalizations should be done. Candidates:
- lower-case everything (including receiver-name)
- upper-case everything (including receiver-name)
- remove BIC from iban/ payto://-URIs

Other?
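
Added example, not part of the tracker notes and not Taler code: a sketch of one candidate combination from the list above (lower-case everything, drop the BIC from iban URIs) and its effect on how many distinct hashes a set of equivalent payto:// URIs produces. `h_payto_standin`, `normalize_payto`, `distinct_accounts` and the sample URIs are hypothetical; plain SHA-512 stands in for the real h_payto computation in libtalerutil.

```python
import hashlib
from urllib.parse import urlsplit


def h_payto_standin(uri: str) -> str:
    # Assumption: plain SHA-512 over the UTF-8 bytes, standing in for the
    # exchange's actual h_payto construction.
    return hashlib.sha512(uri.encode("utf-8")).hexdigest()


def normalize_payto(uri: str) -> str:
    """Candidate normalization: lower-case everything, drop BIC from iban URIs."""
    parts = urlsplit(uri.lower())
    if parts.scheme != "payto" or not parts.netloc:
        raise ValueError("not a payto:// URI: %r" % uri)
    segments = [s for s in parts.path.split("/") if s]
    # payto://iban/BIC/IBAN -> payto://iban/IBAN
    if parts.netloc == "iban" and len(segments) == 2:
        segments = segments[1:]
    out = "payto://%s/%s" % (parts.netloc, "/".join(segments))
    return out + ("?" + parts.query if parts.query else "")


def distinct_accounts(uris, normalize=False):
    """Number of distinct hashes, i.e. accounts that would each need KYC."""
    return len({h_payto_standin(normalize_payto(u) if normalize else u)
                for u in uris})


# Constructed sample input: two real-world accounts written five ways.
SAMPLES = [
    "payto://iban/DE75512108001245126199?receiver-name=Jane%20Doe",
    "payto://iban/SOGEDEFFXXX/DE75512108001245126199?receiver-name=Jane%20Doe",
    "payto://iban/de75512108001245126199?receiver-name=JANE%20DOE",
    "payto://x-taler-bank/Bank.Example.com/jane?receiver-name=Jane%20Doe",
    "payto://x-taler-bank/bank.example.com/jane?receiver-name=Jane%20Doe",
]

if __name__ == "__main__":
    print("distinct hashes, raw:       ", distinct_accounts(SAMPLES))
    print("distinct hashes, normalized:", distinct_accounts(SAMPLES, True))
```

Lower-casing the whole URI also merges any two accounts whose identifiers differ only by case, so a normalization like this trades fewer repeated KYC runs against the risk of treating distinct accounts as one.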

Issue History

Date Modified Username Field Change
2022-08-20 21:28 Christian Grothoff New Issue
2022-08-20 21:28 Christian Grothoff Status new => assigned
2022-08-20 21:28 Christian Grothoff Assigned To => Florian Dold
2022-08-23 10:29 Christian Grothoff Note Added: 0019025
2022-08-23 10:31 Christian Grothoff Note Added: 0019026
2022-08-23 10:31 Christian Grothoff Assigned To Florian Dold =>
2022-08-23 10:31 Christian Grothoff Priority urgent => normal
2022-08-23 10:31 Christian Grothoff Status assigned => feedback
2022-10-20 11:16 Christian Grothoff Target Version 0.9 => 0.9.1
2022-10-20 11:41 Christian Grothoff Priority normal => low
2022-10-20 11:41 Christian Grothoff Target Version 0.9.1 =>