From 6b4352de2488f92a0faba207cb36ec81ee128bd3 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Sun, 8 Aug 2021 16:48:39 +0200 Subject: -add updated response --- static/papers/response-202109.pdf | Bin 0 -> 125927 bytes template/news/2021-09.html.j2 | 11 +++++++++++ 2 files changed, 11 insertions(+) create mode 100644 static/papers/response-202109.pdf diff --git a/static/papers/response-202109.pdf b/static/papers/response-202109.pdf new file mode 100644 index 00000000..af0ae140 Binary files /dev/null and b/static/papers/response-202109.pdf differ diff --git a/template/news/2021-09.html.j2 b/template/news/2021-09.html.j2 index ca135824..af187ae3 100644 --- a/template/news/2021-09.html.j2 +++ b/template/news/2021-09.html.j2 @@ -17,6 +17,8 @@ Notable changes include:
  • NEW: Optional inventory management by the merchant backend
  • NEW: Product image previews in contracts
  • NEW: Packaged merchant point-of-sale and cashier Apps for F-Droid
  • +
  • NEW: Better isolation of online private keys
  • +
  • NEW: Better isolation of sensitive exchange configuration options
  • Implemented long-polling support for refunds
  • Improved the HTTP API of the merchant to be more RESTful and easier to use
  • Improved message flow for tipping and refunds to ensure merchant knows @@ -30,6 +32,15 @@ Notable changes include:
  • Availability of a documented API for the wallet core, now used by all user interfaces
  • Various minor bugfixes and documentation improvements
  • +

    +Some of the major changes are based on the security audit performed +by Code Blau in 2020. In particular, they had recommended strengthening +the isolation of the private keys, which is now implemented using the +taler-exchange-secmod-* binaries that can run under a different +user ID than the network-facing taler-exchange-httpd process. +Our detailed response to the audit is available +here. +

    Download links

    -- cgit v1.2.3
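Review bot: In the first hunk of template/news/2021-09.html.j2, the added item "NEW: Better isolation of sensitive exchange configuration options" is not explained anywhere in the patch; the paragraph added in the second hunk only covers the private-key item. Suggest adding a sentence on which options are isolated and from which process, or linking the item to the relevant documentation, so that operators reading the release notes can tell whether their setup is affected.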
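Review bot: In the second hunk, the added paragraph says the taler-exchange-secmod-* binaries "can run under a different user ID" than taler-exchange-httpd, which leaves open whether that separation is the default or something the operator has to set up. Suggest stating which it is, since the isolation described depends on the processes actually running as different users. The link text "here" would also read better as a descriptive phrase such as "detailed response to the audit (PDF)".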