Re: [Taler] sync transitivity
From: Jeff Burdges
Subject: Re: [Taler] sync transitivity
Date: Wed, 28 Feb 2018 09:50:32 +0100
On Wed, 2018-02-28 at 09:15 +0100, David '-1' Schmid wrote:
> On 2018-02-28T00:54:59, Jeff Burdges wrote:
> > If you view linking as sharing a single backup account then you could
> > either throw an error, or else prompt to figure out if one or both of
> > the a or d go away.
> Would that be leaking information? Seems to me it would.
Yes, but it's an extremely rare event, so not catastrophic. An attacker
could exploit it for confirmation of backup account ownership, but much
easier ways exist.
> > Alternatively, all wallets might possess their own independent backup
> > accounts, to which they can backup even before configured to do so, and
> > linking would merely be giving another wallet read and maybe notify
> > access. It's slightly harder to protect metadata here, but not too bad
> > if the read access is symmetric, but that's similarly hard.
> I favor this approach as I think it would be more general.
It's more user friendly imho, but at first blush leaks more.
> I'm thinking as follows:
> At my university, we have different wallets for e.g. canteen and
> parking. I think that I'd not need my parking wallet on my notebook, nor
> my home desktop, but maybe on my PC at work.
I agree many users need access stratification among wallets, not pure
syncing. We need to figure out a good balance that provides lots of
functionality without much interface complexity or bad failure modes.
> Having them completely separated would be fine with me; they might even
> have different "currencies" for their various purposes.
> In fact, it works like that, where I study :D
It's hard for people to manage cryptographic tokens for backups, so some
linking between wallets sounds like the easiest way to do backups. This
does not mean different wallets can necessarily spend from one another
even after you link them.
> > The design space keeps expanding...
> You all might want to look at Syncthing's [1] sharing model; I quite like
> it and it works for me :D
We can but so far I've been arguing that data syncing is a bad model for
money. As real sync cannot be made reliable, there are consequences
like unpredictable balance fluctuations to syncing wallet balances. And
poor privacy even if you can sync reliably.
Jeff