summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Grothoff <christian@grothoff.org>2020-07-12 10:22:35 +0200
committerChristian Grothoff <christian@grothoff.org>2020-07-12 10:22:35 +0200
commit4d298f9bea8a98acc5d4b7d738af02313b203658 (patch)
tree021fca2f24041d7819a649e2fc9ca59d20745227
parent82b6067de68cbaed7bfd01222fab8f0c2f6b9cfb (diff)
downloadexchange-4d298f9bea8a98acc5d4b7d738af02313b203658.tar.gz
exchange-4d298f9bea8a98acc5d4b7d738af02313b203658.tar.bz2
exchange-4d298f9bea8a98acc5d4b7d738af02313b203658.zip
update response
-rw-r--r--doc/audit/response-202005.tex19
m---------doc/prebuilt0
2 files changed, 12 insertions, 7 deletions
diff --git a/doc/audit/response-202005.tex b/doc/audit/response-202005.tex
index b07e053e..5d90b4c7 100644
--- a/doc/audit/response-202005.tex
+++ b/doc/audit/response-202005.tex
@@ -15,9 +15,8 @@
\section{Abstract}
-This is the preliminary response to the source code audit report CodeBlau
-created for GNU Taler in Q2/Q3 2020. A final response with more details is
-expected later this year.
+This is the response to the source code audit report CodeBlau
+created for GNU Taler in Q2/Q3 2020.
\section{Management Summary}
@@ -44,10 +43,16 @@ We appreciate CodeBlau's extensive list of checks the Taler auditor performs,
which was previously not documented adequately by us. We agree that the
auditor still needs more comprehensive documentation.
-As for issue \#6416, we agree with the analysis and the proposed fix, even if
-the implications are not fully clear. It has not yet been implemented as we
-want to carefully review all of the SQL statements implicated in the
-resolution and ensure we fully understand the implications.
+As for issue \#6416, we agree with the analysis. However, the proposed fix
+of making the primary key include the denomination would create other problems,
+such as the exchange sometimes not having the denomination key (link, refund)
+and the code in various places relying on the assumption of the coin's
+public key being unique. Furthermore, allowing coin key re-use may validate
+a terrible practice. We thus decided it is better to ``fail early'', and
+modified the code to check that the coin public key is ``unique'' during
+deposit, refresh and recoup and ensured that the exchange returns a proof
+of non-uniqueness in case of a violation. The test suite was extended to
+cover the corner case.
\section{Issues in GNUnet}
diff --git a/doc/prebuilt b/doc/prebuilt
-Subproject eef86710c7deade01361f8985fd9a6fe6a21e8f
+Subproject ca53235ccfa0458ebf11c204888ca370e20ec3f