Review TTP Resolve Protocol!
Current implementation present flaws!
Signers
Currently, a signer is considered dishonest if:
- He contacted the ttp more than once (ie he received an abort token and still contacted the ttp another time)
- He contacted the ttp with invalid information (bad/corrupted content ; invalid set of evidence)
A signer should be ALSO classified as dishonest if:
- He was sent an abort token, and evidence provided by another signer during a resolve protocol call proves that he continued the protocol after having been sent the abort token
Resolve protocol
The following behavior is not implemented, and causes the resolve protocol to be incomplete.
- At any time, if there is at least one non dishonest signer that has been sent an abort token, the ttp has to send abort tokens to the other signers contacting for resolve.
- Therefore, if a previously aborted signer is proved to be dishonest after the incoming new evidences, he should not be considered in that rule.
Currently, the ttp can send a signed contract, even if a non dishonest aborted signer still exists.