In case of the shop owner, the user/sender manually confirms which is exactly as it is when paying with fiat.
In case of an exchange, any normal exchange account identification with password should do the trick. So slate-packs should work best when using an exchange I think.
Can you give a concrete example of all 3 steps because i still donât see how you would do it? (i mean an example of automation of 2nd step in RSR)
Edit: the only way i see is if exchange would give you some random number and you would put it in the memo in step 1. Not sure how safe that would be though
Ok, correct me if I misunderstand something.
- The user logs in to his exchange account
- The user goes to the wallet and click the button âWithdrawal requestâ and fills in the amount he likes to request
- The user copies a slatepack with this information into his online account.
-By requiring the user to copy it into his online account this means the user has logged in verified etc.
-Additionally the user could add his own slate-pack address as trusted address to reduce the chance of man in the middle attacks, requiring 2FA to change trusted addresses).
-The exchange could request a second time to fill in a password, but this might be overkill, this is also not needed when withdrawing any other cryptocurrency. - The exchange checks the requested amount to the balance of the user and either sends it directly over tor or offers a slatepack the user can copy into his wallet. I think the later option, copying the slatepack might actually be most secure).
- The user copies the slatepack into his wallet and clicks confirm-transaction/publish. The user has 24 hours to complete the transactions, or the locked amount by the exchange will be self spend reducing the balance of the user with the amount of the transaction fees for the self spend.
2 Likes
Hm maybe that would work, but would need to think more about possible attacks. I would still prefer SRS for withdrawals though (i like symmetry :P). In any case all slatepacks should be encrypted for the other party imo
2 Likes
SRS would also work fine. But the main point that I wanted to make with the user story above is that RSR is not any more difficult for a user than SRS. The main difference for a user is that the user fills in the amount in his wallet when generating the request opposed to filling it in online on the exchange. The steps are just 2x copying a slate-pack or the transaction happens automatically over Tor. I think many user would not even be conscious about the difference and that is fine as long as there are no serious attack possibilities, or if those security risks are mitigated by some settings or wallet features:
- minimum amount treshold
- 2FA to add trusted slatepack address to exchange OR requesting password to finalize RSR
- encrypted slatepacks (I thought slatepacks where always encrypted for the receiver)
- self spend after 24h for RSR
- one-time use addresses to avoid a) dust attacks as well as b) identification of a node with high transaction throughput (Tor becomes less private with to many transactions/package of the same type being send by one node)
Grin and its famous advertising at display 