[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Taler] mint base URL subtleties

From: Christian Grothoff
Subject: Re: [Taler] mint base URL subtleties
Date: Sat, 12 Dec 2015 17:54:22 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Icedove/38.4.0

On 12/12/2015 05:08 PM, Florian Dold wrote:
> On Dec 11, 2015 23:52, "Christian Grothoff" <address@hidden> wrote:
>> Tricky. How do you know it should be http://, and not https://? I think
>> if we don't do 1a, then at least we should default to https. Asking a
>> mint to run https or fail on auto-completion is better than using http
>> with a mint that does offer https.
> Sure, I agree. A fancier mint could even probe for https and fall back to
> http.

No, that would enable a downgrade attack.

>> I'd say different base URL == different mint for the wallet. Otherwise,
>> you don't know under which URL to interact with the mint, so that'd be
>> bad.  If the same mint operator uses the same mint keys under two
>> different URLs, I see no problem with wallets that treat those mints as
>> separate entities. The only point is that we need to track the mint by
>> URL inside the wallet, instead of by the mint's master key. But that
>> seems fine.
> So "http://mint.example.com/"; and "https://mint.example.com/"; are treated
> as different mints.


> This makes kinda sense, as long as the fancy version of the wallet offers
> to merge mints with different URLs but the same key.

Why? "merging" would not change anything, except us fetching /keys twice
and us offering two mints in the list of all mints to the user.

Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]