audit response: minor clarifications

This commit is contained in:
Florian Dold 2020-12-27 19:45:32 +01:00
parent e550acf577
commit 7536ffce79
No known key found for this signature in database
GPG Key ID: D2E4F00F29D02A4B


@ -209,13 +209,14 @@ section ``Exchange crypto helper design'' at \url{https://docs.taler.net/} of
Chapter 12. Chapter 12.
{\bf Update:} In doing so, we also added a new type of signing key, the {\bf Update:} In doing so, we also added a new type of signing key, the
``security module'' signing key. This is used by the newly separated processes ``security module'' signing key. This is used by the newly separated ``security
to sign the public keys that they guard the private keys for. The security module`` processes to sign the public keys that they guard the private keys
module signatures are verified by the new ``taler-exchange-offline`` tool to for. The security module signatures are verified by the new
ensure that even if the exchange process is compromised, we do not sign keys ``taler-exchange-offline`` tool to ensure that even if the {\tt
into existence that did not originate from the security module(s). The taler-exchange-httpd} process is compromised, the offline signature tool would
security module public keys can be given in the configuration, or are learned refuse to sign new public keys that do not originate from the security
TOFU-style. module(s). The security module public keys can be given in the configuration,
or are learned TOFU-style.
\subsection{File system access} \subsection{File system access}
@ -234,9 +235,9 @@ We have started to better document the operational requirements on running the
auditor. auditor.
{\bf Update:} On the exchange side, we have now moved additional information {\bf Update:} On the exchange side, we have now moved additional information
into the database, in particular information about offline signatures from the file system into the database, in particular information about offline signatures
(including key revocations) and wire fees. This simplifies the deployment and (including key revocations) and wire fees. This simplifies the deployment and
the interaction with the offline key. The remaining disk accesses are for the interaction with offline key signing mechanism. The remaining disk accesses are for
quite fundamental configuration data (which ports to bind to, configuration to quite fundamental configuration data (which ports to bind to, configuration to
access the database, etc.), and of course the program logic itself. access the database, etc.), and of course the program logic itself.
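Review bot: the rewritten sentence "the interaction with offline key signing mechanism" is missing an article and should read "the interaction with the offline key signing mechanism". The added "from the file system into the database" clarification is otherwise fine and makes the sentence unambiguous about where the offline signatures and wire fees used to live.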