author | Christian Grothoff <christian@grothoff.org> | 2021-08-08 16:48:39 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2021-08-08 16:48:39 +0200 |
commit | 6b4352de2488f92a0faba207cb36ec81ee128bd3 (patch) | |
tree | 31e6b720e45d286d600b41f797f3591b12f195e9 | |
parent | 7457e6cc3f188f0c54e25e56d98a1361c5746a5d (diff) | |
-add updated response
-rw-r--r-- | static/papers/response-202109.pdf | bin | 0 -> 125927 bytes | |||
-rw-r--r-- | template/news/2021-09.html.j2 | 11 |
2 files changed, 11 insertions, 0 deletions
diff --git a/static/papers/response-202109.pdf b/static/papers/response-202109.pdf Binary files differnew file mode 100644 index 00000000..af0ae140 --- /dev/null +++ b/static/papers/response-202109.pdf diff --git a/template/news/2021-09.html.j2 b/template/news/2021-09.html.j2 index ca135824..af187ae3 100644 --- a/template/news/2021-09.html.j2 +++ b/template/news/2021-09.html.j2 @@ -17,6 +17,8 @@ Notable changes include: <li>NEW: Optional inventory management by the merchant backend</li> <li>NEW: Product image previews in contracts</li> <li>NEW: Packaged merchant point-of-sale and cashier Apps for F-Droid</li> +<li>NEW: Better isolation of online private keys</li> +<li>NEW: Better isolation of sensitive exchange configuration options</li> <li>Implemented long-polling support for refunds</li> <li>Improved the HTTP API of the merchant to be more RESTful and easier to use</li> <li>Improved message flow for tipping and refunds to ensure merchant knows @@ -30,6 +32,15 @@ Notable changes include: <li>Availability of a documented API for the wallet core, now used by all user interfaces</li> <li>Various minor bugfixes and documentation improvements</li> </ul> +<p> +Some of the major changes are based on the security audit performed +by Code Blau in 2020. In particular, they had recommended strengthening +the isolation of the private keys, which is now implemented using the +<tt>taler-exchange-secmod-*</tt> binaries that can run under a different +user ID than the network-facing <tt>taler-exchange-httpd</tt> process. +Our detailed response to the audit is available +<a href="https://taler.net/papers/response-202109.pdf">here</a>. +</p> <h4>Download links</h4> <p> |
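Review bot: The new list item "Better isolation of sensitive exchange configuration options" in the first hunk of template/news/2021-09.html.j2 (@@ -17,6 +17,8) is never explained. The paragraph added further down covers only the private-key isolation via `taler-exchange-secmod-*`. Add one sentence saying which configuration options are meant and how they are now separated from the network-facing process, or point the reader to the section of the audit response that covers it, so the claim is as checkable as the one about keys.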
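Review bot: In the paragraph added by the second hunk (@@ -30,6 +32,15), the link to the audit response uses the bare link text "here" and a hard-coded absolute URL, `<a href="https://taler.net/papers/response-202109.pdf">here</a>`, even though the PDF is added in this same commit under static/papers/. Use descriptive link text such as "detailed response to the Code Blau audit (PDF)", and if the templates have a convention for site-relative links to static files, use it so the link resolves on staging builds and mirrors too. The `<tt>` element is obsolete in HTML5, so `<code>taler-exchange-secmod-*</code>` and `<code>taler-exchange-httpd</code>` would be the safer markup. Finally, "can run under a different user ID" reads as optional; if running the secmod binaries under a separate user is the recommended deployment, say so explicitly, since that separation is what the isolation depends on.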