diff options
author | Eric Voskuil <eric@voskuil.org> | 2016-09-09 17:54:28 -0700 |
---|---|---|
committer | bitcoindev <bitcoindev@gnusha.org> | 2016-09-10 00:54:30 +0000 |
commit | 3fb278c58874d0f6ce3d913425a1a42d43801ede (patch) | |
tree | fc3860d59242b1314ad519d8621656c7c0dfbb34 | |
parent | 6f3ecbd0860ffe33eb6be0e593fbacbcdd5e0634 (diff) | |
download | pi-bitcoindev-3fb278c58874d0f6ce3d913425a1a42d43801ede.tar.gz pi-bitcoindev-3fb278c58874d0f6ce3d913425a1a42d43801ede.zip |
Re: [bitcoin-dev] Completing the retirement of the alert system
-rw-r--r-- | d1/3ecb90db68f9a23aded9b887e54010d41517b3 | 149 |
1 files changed, 149 insertions, 0 deletions
diff --git a/d1/3ecb90db68f9a23aded9b887e54010d41517b3 b/d1/3ecb90db68f9a23aded9b887e54010d41517b3 new file mode 100644 index 000000000..821edaf30 --- /dev/null +++ b/d1/3ecb90db68f9a23aded9b887e54010d41517b3 @@ -0,0 +1,149 @@ +Return-Path: <eric@voskuil.org> +Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org + [172.17.192.35]) + by mail.linuxfoundation.org (Postfix) with ESMTPS id EA627A55 + for <bitcoin-dev@lists.linuxfoundation.org>; + Sat, 10 Sep 2016 00:54:30 +0000 (UTC) +X-Greylist: whitelisted by SQLgrey-1.7.6 +Received: from mail-pa0-f47.google.com (mail-pa0-f47.google.com + [209.85.220.47]) + by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 5AEFB192 + for <bitcoin-dev@lists.linuxfoundation.org>; + Sat, 10 Sep 2016 00:54:30 +0000 (UTC) +Received: by mail-pa0-f47.google.com with SMTP id to9so33061827pac.1 + for <bitcoin-dev@lists.linuxfoundation.org>; + Fri, 09 Sep 2016 17:54:30 -0700 (PDT) +DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; + d=voskuil-org.20150623.gappssmtp.com; s=20150623; + h=from:content-transfer-encoding:mime-version:subject:message-id:date + :references:in-reply-to:to; + bh=ZPHqPkHEQ1iTsrxLJhkKoma2KyM4KkBb8Z8WHcFN6ck=; + b=h7dxAWEQPQpuzJ4Uk+LXpvUUr3jIAH8wJvNBXz1UwtooEBi89P+rxmIrviibtdMM0v + ipG9J+DX/DceJaKpGivxjccNwMGnSZrYUj+PZigzrP1CtNXvbdZWuxYqUtdNaw4d+Oc1 + KY/3ToL8gfj9i9w4/mgGbzmmzD2DgYU1//SsfRqwWpdUPk0IowuF/zWRqjPRJ5ygY7eH + BNb2rvwJN7urMdikmAYav6NnWi9zuXxMGcgveOVwwhv6qqqpoBmQSzfgVNRZioMmw3vn + nx4mdlKPMNG+dBLTHYSWc86ub6gwOp5+kQr5Cp5PZLm28RUcsTyrqnUzdbb/sKNHyUdd + oWaQ== +X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; + d=1e100.net; s=20130820; + h=x-gm-message-state:from:content-transfer-encoding:mime-version + :subject:message-id:date:references:in-reply-to:to; + bh=ZPHqPkHEQ1iTsrxLJhkKoma2KyM4KkBb8Z8WHcFN6ck=; + b=Xz1nvfIonRJweB3pKIMRocLBKdpDdG6ukLCHoBTClSCUmICjo+KSxE6wpiFAq4+Tzr + jsQiFZr7GYDQefil8gonlWY1QE+Z9rN6UUhc2vAA3Q/v2JOaDj/WMn9SPgI4wCwyrNJu + 6zpa4e/Q2sLNSnKAF329sULLLABfGAe2C4rTqyXxa4dXjNTJS3bcGIwl62FWJAxCeMDs + AWV47hIZRwfniGMx27wOgRHhKd28w1VLOOGWdReRgMPN54YWKgpOGruc0VquMG7gM7HZ + 71J9/mK0/6iWRKbFI2o/LIG9LkfwBt8u2Etk2HwTH87WCqM1cNHDAo8L15fTiUAWVoEr + 4Xjg== +X-Gm-Message-State: AE9vXwPEgDGK22nYH37J2eFS3/77/1OQbZZu/JrrBcJlVIeWZduGEHp57HY29u8B2bn+Iw== +X-Received: by 10.66.7.33 with SMTP id g1mr11478875paa.92.1473468870052; + Fri, 09 Sep 2016 17:54:30 -0700 (PDT) +Received: from ?IPv6:2601:600:9000:d69e:bd08:99e3:bd72:407b? + ([2601:600:9000:d69e:bd08:99e3:bd72:407b]) + by smtp.gmail.com with ESMTPSA id 3sm7825464pfz.33.2016.09.09.17.54.28 + (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); + Fri, 09 Sep 2016 17:54:29 -0700 (PDT) +From: Eric Voskuil <eric@voskuil.org> +Content-Type: text/plain; + charset=us-ascii +Content-Transfer-Encoding: quoted-printable +Mime-Version: 1.0 (1.0) +Message-Id: <474CB187-0642-452C-AE1B-00D46FAE8BAF@voskuil.org> +Date: Fri, 9 Sep 2016 17:54:28 -0700 +References: <CAAS2fgTYOUSm07N4NYDCsjjwSbAo_ye84UvbQF--3JzhLHkG0Q@mail.gmail.com> +In-Reply-To: <CAAS2fgTYOUSm07N4NYDCsjjwSbAo_ye84UvbQF--3JzhLHkG0Q@mail.gmail.com> +To: Gregory Maxwell <greg@xiph.org>, + Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org> +X-Mailer: iPhone Mail (13G35) +X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,DKIM_SIGNED, + DKIM_VALID, MIME_QP_LONG_LINE, + RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 +X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on + smtp1.linux-foundation.org +X-Mailman-Approved-At: Sat, 10 Sep 2016 01:17:17 +0000 +Subject: Re: [bitcoin-dev] Completing the retirement of the alert system +X-BeenThere: bitcoin-dev@lists.linuxfoundation.org +X-Mailman-Version: 2.1.12 +Precedence: list +List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org> +List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>, + <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe> +List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/> +List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org> +List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help> +List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>, + <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe> +X-List-Received-Date: Sat, 10 Sep 2016 00:54:31 -0000 + +ACK + +libbitcoin defines the message and includes the public key but only for comp= +leteness and reference purposes. It has never been used in the node. + +e + +> On Sep 9, 2016, at 5:42 PM, Gregory Maxwell via bitcoin-dev <bitcoin-dev@l= +ists.linuxfoundation.org> wrote: +>=20 +> The alert system was a centralized facility to allow trusted parties +> to send messages to be displayed in wallet software (and, very early +> on, actually remotely trigger the software to stop transacting). +>=20 +> It has been removed completely in Bitcoin Core after being disabled for a w= +hile. +>=20 +> While the system had some potential uses, there were a number of +> problems with it. +>=20 +> The alert system was a frequent source of misunderstanding about the +> security model and 'effective governance', for example a years ago a +> BitcoinJ developer wanted it to be used to control fee levels on the +> network and few months back one of Bloq's staff was pushing for a +> scheme where "the developers" would use it to remotely change the +> difficulty-- apparently with no idea how abhorrent others would find +> it. +>=20 +> The system also had a problem of not being scalable to different +> software vendors-- it didn't really make sense that core would have +> that facility but armory had to do something different (nor would it +> really make sense to constantly have to maintain some list of keys in +> the node software). +>=20 +> It also had the problem of being unaccountable. No one can tell which +> of the key holders created a message. This creates a risk of misuse +> with a false origin to attack someone's reputation. +>=20 +> Finally, there is good reason to believe that the key has been +> compromised-- It was provided to MTGox by a developer and MTGox's +> systems' were compromised and later their CEO's equipment taken by the +> Japanese police. +>=20 +> In any case, it's gone now in Core and most other current software-- +> and I think it's time to fully deactivate it. +>=20 +> I've spent some time going around the internet looking for all +> software that contains this key (which included a few altcoins) and +> asked them to remove it. I will continue to do that. +>=20 +> One of the facilities in the alert system is that you can send a +> maximum sequence alert which cannot be overridden and displays only a +> static key compromise text message and blocks all other alerts. I plan +> to send a triggering alert in the not-distant future (exact time to be +> announced well in advance) feedback on timing would be welcome. +>=20 +> There are likely a few production systems that automatically shut down +> when there is an alert, so this risks some small one-time disruption +> of those services-- but none worse than if an alert were sent to +> advise about a new system upgrade. +>=20 +> At some point after that, I would then plan to disclose this private +> key in public, eliminating any further potential of reputation attacks +> and diminishing the risk of misunderstanding the key as some special +> trusted source of authority. +>=20 +> Cheers, +> _______________________________________________ +> bitcoin-dev mailing list +> bitcoin-dev@lists.linuxfoundation.org +> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev + |