#2 — Authorizer should not be asked in real time
| State | Confirmed |
|---|---|
| Area | Issuer Service |
| Issue type | Bug |
| Severity | Important |
| Submitted by | Jörg Baach |
| Submitted on | May 15, 2009 |
| Responsible |
—
|
Last modified on
Mar 03, 2010
Right now on the issuer side the authorizer is passed an incoming request for authorization. This makes the authorizer an online available target of attack.
It would be much better if the authorizer would 'offline' issue a statement which would allow minting of N coins. In the end that certificate is the authorization.
How would those certs however be handled by mobile phones? Maybe the authorizer would sign a statement of the form "<N> <currencyId>", and the mobile would present the signature (only) along with the mint request?
It would be much better if the authorizer would 'offline' issue a statement which would allow minting of N coins. In the end that certificate is the authorization.
How would those certs however be handled by mobile phones? Maybe the authorizer would sign a statement of the form "<N> <currencyId>", and the mobile would present the signature (only) along with the mint request?
Added by
Jörg Baach
on
May 15, 2009 01:44 PM
Issue state:
Unconfirmed
→
Confirmed
Added by
(anonymous)
on
Mar 03, 2010 12:11 AM
ONXSre <a href="http://zilrivfgyqlh.com/">zilrivfgyqlh</a>, [url=http://pzkpbkqhksdd.com/]pzkpbkqhksdd[/url], [link=http://zofknjbllyqx.com/]zofknjbllyqx[/link], http://cotknyvvyxvg.com/
No responses can be added.
