POST /management/auditors/$AUDITOR_PUB/disable

This request will be used to disable the use of the given auditor. We use POST instead of DELETE because the exchange will retain state about the auditor (specifically the end date) to prevent replay attacks abusing the AuditorSetupMessage. Also, DELETE would not support a body, which is needed to provide the signature authorizing the operation.

Request:

The request must be an AuditorTeardownMessage.

Response:

204 No content:

The exchange has successfully disabled the auditor. The body is empty.

403 Forbidden:

The signature is invalid.

404 Not found:

The auditor is unknown to the exchange.

409 Conflict:

The exchange has a more recent request related to this auditor key (replay detected).

Details:

interface AuditorTeardownMessage {

  // Signature by the exchange master key over a
  // TALER_MasterDelAuditorPS.
  // Must have purpose TALER_SIGNATURE_MASTER_AUDITOR_DEL.
  master_sig: EddsaSignature;

  // When does the auditor become inactive?
  // Should be the time when the signature was created,
  // using the (monotonic!) local time of the system
  // with the offline master public key.  Note that
  // even if the time is in the future, the auditor will
  // become inactive immediately! Used ONLY to detect replay attacks.
  validity_end: Timestamp;

}
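
The status codes and the replay rule described above, as an added example (not code from the Taler exchange): a small in-memory model showing why the auditor row and its timestamp are kept after a disable instead of being deleted. The enable handler, the `SigCheck` callback, the integer-second timestamps and the order of the checks are assumptions made for illustration.

```typescript
// Added example. Timestamps are simplified to integer seconds and
// SigCheck is a hypothetical stand-in for the EdDSA master_sig check.
type Status = 204 | 403 | 404 | 409;
type SigCheck = (pub: string, timestamp: number, sig: string) => boolean;
interface AuditorRow { active: boolean; lastChange: number; }
type AuditorTable = { [pub: string]: AuditorRow | undefined };

// Prototype-free object, so a key such as "constructor" is never found.
function newTable(): AuditorTable { return Object.create(null); }

// Hypothetical enable handler: the message carries a start timestamp.
function enableAuditor(t: AuditorTable, ok: SigCheck, pub: string,
                       validityStart: number, sig: string): Status {
  if (!ok(pub, validityStart, sig)) return 403;
  const row = t[pub];
  if (row !== undefined && row.lastChange > validityStart) return 409;
  t[pub] = { active: true, lastChange: validityStart };
  return 204;
}

// POST /management/auditors/$AUDITOR_PUB/disable
function disableAuditor(t: AuditorTable, ok: SigCheck, pub: string,
                        msg: { master_sig: string; validity_end: number }): Status {
  if (!ok(pub, msg.validity_end, msg.master_sig)) return 403;
  const row = t[pub];
  if (row === undefined) return 404;
  if (row.lastChange > msg.validity_end) return 409; // newer request already seen
  // Keep the row instead of deleting it: lastChange is the replay guard.
  t[pub] = { active: false, lastChange: msg.validity_end };
  return 204;
}

// Constructed scenario: enable, disable, then replay the captured enable.
function demo(): Status[] {
  const ok: SigCheck = (pub, ts, sig) => sig === `sig(${pub},${ts})`; // toy check
  const t = newTable();
  return [
    enableAuditor(t, ok, "AUD1", 100, "sig(AUD1,100)"),
    disableAuditor(t, ok, "AUD1", { master_sig: "sig(AUD1,200)", validity_end: 200 }),
    enableAuditor(t, ok, "AUD1", 100, "sig(AUD1,100)"), // replayed setup
    disableAuditor(t, ok, "AUD1", { master_sig: "forged", validity_end: 300 }),
    disableAuditor(t, ok, "AUD2", { master_sig: "sig(AUD2,50)", validity_end: 50 }),
  ];
}
```

In this model the replayed enable is answered with 409 because the row kept by the disable carries the later timestamp; had the row been deleted, the same message would have re-enabled the auditor.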