summaryrefslogtreecommitdiff
path: root/doc/system
diff options
context:
space:
mode:
Diffstat (limited to 'doc/system')
-rw-r--r--doc/system/taler/design.tex2
-rw-r--r--doc/system/taler/implementation.tex26
2 files changed, 17 insertions, 11 deletions
diff --git a/doc/system/taler/design.tex b/doc/system/taler/design.tex
index 3590b8fb1..de91daa13 100644
--- a/doc/system/taler/design.tex
+++ b/doc/system/taler/design.tex
@@ -555,7 +555,7 @@ security of an exchange as part of the certification process.
-\subsubsection{Compromise of Signing Keys}
+\subsubsection{Compromise of Signing Keys} \label{sec:signkey:compromise}
When a signing key is compromised, the attacker can pretend to be a
merchant and forge deposit confirmations. To forge a deposit
diff --git a/doc/system/taler/implementation.tex b/doc/system/taler/implementation.tex
index 4bed97fd1..973e97894 100644
--- a/doc/system/taler/implementation.tex
+++ b/doc/system/taler/implementation.tex
@@ -1056,23 +1056,29 @@ auditor.
The list of invariants checked by this tool thus includes:
\begin{itemize}
-\item emergency on denominations because the value or number
+\item Testing for an
+ emergency on denominations because the value or number
of coins deposited exceeds the value or number of coins
issued; if this happens, the exchange should revoke the
respective denomination.
-\item various arithmetic inconsistencies from exchanges
+\item Checking for arithmetic inconsistencies from exchanges
not properly calculating balances or fees during the
various coin operations (withdraw, deposit, melt, refund);
-\item signatures being wrong for denomination key revocation,
- coin denomination signature,
- or coin operations (deposit, melt, refund, recoup)
-\item denomination keys not being known to the auditor
-\item denomination keys being actually revoked if a recoup
- is granted
-\item coins being melted but not (yet) recouped
+\item That signatures are correct for denomination key revocation,
+ coin denominations,
+ and coin operations (deposit, melt, refund, recoup)
+\item That denomination keys are known to the auditor.
+\item That denomination keys were actually revoked if a recoup
+ is granted.
+\item Whether there exists refresh sessions from coins that
+ have been melted but not (yet) revealed
(this can be harmless and no fault of the exchange, but
could also be indicative of an exchange failing to process
- certain requests in a timely fashion)
+ certain requests in a timely fashion).
+\item That the refund deadline is not after
+ the wire deadline (while harmless, such a deposit
+ makes inconsistent requirements and should have been
+ rejected by the exchange).
\end{itemize}