exchange

Base system with REST service to issue digital coins, run by the payment service provider

commit ef0eb9e5bf1f0ff18c498e9e7882f75aa7a2576c
parent 62d5aae1198e7e8374470539e19a112593fb0b2b
Author: Christian Grothoff <christian@grothoff.org>
Date:   Tue, 14 Jul 2020 21:10:55 +0200

improve documentation on which invariants are checked by which auditor helper

Diffstat:
M doc/system/taler/design.tex | 2 +-
M doc/system/taler/implementation.tex | 26 ++++++++++++++++----------
2 files changed, 17 insertions(+), 11 deletions(-)

diff --git a/doc/system/taler/design.tex b/doc/system/taler/design.tex @@ -555,7 +555,7 @@ security of an exchange as part of the certification process. -\subsubsection{Compromise of Signing Keys} +\subsubsection{Compromise of Signing Keys} \label{sec:signkey:compromise} When a signing key is compromised, the attacker can pretend to be a merchant and forge deposit confirmations. To forge a deposit diff --git a/doc/system/taler/implementation.tex b/doc/system/taler/implementation.tex 
@@ -1056,23 +1056,29 @@ auditor. The list of invariants checked by this tool thus includes: \begin{itemize} -\item emergency on denominations because the value or number +\item Testing for an + emergency on denominations because the value or number of coins deposited exceeds the value or number of coins issued; if this happens, the exchange should revoke the respective denomination. -\item various arithmetic inconsistencies from exchanges +\item Checking for arithmetic inconsistencies from exchanges not properly calculating balances or fees during the various coin operations (withdraw, deposit, melt, refund); -\item signatures being wrong for denomination key revocation, - coin denomination signature, - or coin operations (deposit, melt, refund, recoup) -\item denomination keys not being known to the auditor -\item denomination keys being actually revoked if a recoup - is granted -\item coins being melted but not (yet) recouped +\item That signatures are correct for denomination key revocation, + coin denominations, + and coin operations (deposit, melt, refund, recoup) +\item That denomination keys are known to the auditor. +\item That denomination keys were actually revoked if a recoup + is granted. +\item Whether there exists refresh sessions from coins that + have been melted but not (yet) revealed (this can be harmless and no fault of the exchange, but could also be indicative of an exchange failing to process - certain requests in a timely fashion) + certain requests in a timely fashion). +\item That the refund deadline is not after + the wire deadline (while harmless, such a deposit + makes inconsistent requirements and should have been + rejected by the exchange). \end{itemize}
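Review bot: the design.tex hunk only adds `\label{sec:signkey:compromise}` to the "Compromise of Signing Keys" subsubsection, and nothing in this patch references that label; please confirm a `\ref{sec:signkey:compromise}` exists elsewhere (or is added in the same change), otherwise the label is dead and the intended cross-reference from the helper documentation is missing.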
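Review bot: the rewritten itemize in implementation.tex is not grammatically parallel and its punctuation is inconsistent, which hurts readability of exactly the invariant list this commit sets out to clarify. Items now mix "Testing for ...", "Checking for ...", "That ..." and "Whether ...", and end variously with ";", "." or no punctuation at all ("and coin operations (deposit, melt, refund, recoup)" has none). Suggest phrasing every item as a "That ..." clause and ending each with a consistent terminator. Also fix "Whether there exists refresh sessions" to "Whether there exist refresh sessions". Finally, the commit message promises to say which auditor helper checks which invariant, but this hunk still only says "this tool"; naming the helper in the intro sentence would make that explicit.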