Re: [Taler] denomination manipulation

[Jeff Burdges]

On Thu, 2015-11-26 at 19:25 +0100, Christian Grothoff wrote:
> On 11/26/2015 03:14 PM, Jeff Burdges wrote:
> > Also, we're offering the /keys API call under the same domain as
> > other
> > mint functions, so the mint knows the user's identity when they
> > offer
> > this information, and they would anyways if they've few customers.
> 
> Eh, how? The wallet can (and should) access /keys via Tor.

If the wallet does not cache the denomination keys then you'll have
access to the session cookies of Tor Browser.   If the Tor Browser user
is paranoid enough to disable even session cookies, which probably
breaks all shopping anyways, then you can make an educated guess based
upon traffic and their exit node or the preceding hop in the circuit.

If the wallet does cache the denomination keys, then you need to make
them to login before your web page informs the wallet that it's
visiting a mint. 

Jeff

signature.asc
Description: This is a digitally signed message part