summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEric Voskuil <eric@voskuil.org>2016-09-09 17:54:28 -0700
committerbitcoindev <bitcoindev@gnusha.org>2016-09-10 00:54:30 +0000
commit3fb278c58874d0f6ce3d913425a1a42d43801ede (patch)
treefc3860d59242b1314ad519d8621656c7c0dfbb34
parent6f3ecbd0860ffe33eb6be0e593fbacbcdd5e0634 (diff)
downloadpi-bitcoindev-3fb278c58874d0f6ce3d913425a1a42d43801ede.tar.gz
pi-bitcoindev-3fb278c58874d0f6ce3d913425a1a42d43801ede.zip
Re: [bitcoin-dev] Completing the retirement of the alert system
-rw-r--r--d1/3ecb90db68f9a23aded9b887e54010d41517b3149
1 files changed, 149 insertions, 0 deletions
diff --git a/d1/3ecb90db68f9a23aded9b887e54010d41517b3 b/d1/3ecb90db68f9a23aded9b887e54010d41517b3
new file mode 100644
index 000000000..821edaf30
--- /dev/null
+++ b/d1/3ecb90db68f9a23aded9b887e54010d41517b3
@@ -0,0 +1,149 @@
+Return-Path: <eric@voskuil.org>
+Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
+ [172.17.192.35])
+ by mail.linuxfoundation.org (Postfix) with ESMTPS id EA627A55
+ for <bitcoin-dev@lists.linuxfoundation.org>;
+ Sat, 10 Sep 2016 00:54:30 +0000 (UTC)
+X-Greylist: whitelisted by SQLgrey-1.7.6
+Received: from mail-pa0-f47.google.com (mail-pa0-f47.google.com
+ [209.85.220.47])
+ by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 5AEFB192
+ for <bitcoin-dev@lists.linuxfoundation.org>;
+ Sat, 10 Sep 2016 00:54:30 +0000 (UTC)
+Received: by mail-pa0-f47.google.com with SMTP id to9so33061827pac.1
+ for <bitcoin-dev@lists.linuxfoundation.org>;
+ Fri, 09 Sep 2016 17:54:30 -0700 (PDT)
+DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
+ d=voskuil-org.20150623.gappssmtp.com; s=20150623;
+ h=from:content-transfer-encoding:mime-version:subject:message-id:date
+ :references:in-reply-to:to;
+ bh=ZPHqPkHEQ1iTsrxLJhkKoma2KyM4KkBb8Z8WHcFN6ck=;
+ b=h7dxAWEQPQpuzJ4Uk+LXpvUUr3jIAH8wJvNBXz1UwtooEBi89P+rxmIrviibtdMM0v
+ ipG9J+DX/DceJaKpGivxjccNwMGnSZrYUj+PZigzrP1CtNXvbdZWuxYqUtdNaw4d+Oc1
+ KY/3ToL8gfj9i9w4/mgGbzmmzD2DgYU1//SsfRqwWpdUPk0IowuF/zWRqjPRJ5ygY7eH
+ BNb2rvwJN7urMdikmAYav6NnWi9zuXxMGcgveOVwwhv6qqqpoBmQSzfgVNRZioMmw3vn
+ nx4mdlKPMNG+dBLTHYSWc86ub6gwOp5+kQr5Cp5PZLm28RUcsTyrqnUzdbb/sKNHyUdd
+ oWaQ==
+X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
+ d=1e100.net; s=20130820;
+ h=x-gm-message-state:from:content-transfer-encoding:mime-version
+ :subject:message-id:date:references:in-reply-to:to;
+ bh=ZPHqPkHEQ1iTsrxLJhkKoma2KyM4KkBb8Z8WHcFN6ck=;
+ b=Xz1nvfIonRJweB3pKIMRocLBKdpDdG6ukLCHoBTClSCUmICjo+KSxE6wpiFAq4+Tzr
+ jsQiFZr7GYDQefil8gonlWY1QE+Z9rN6UUhc2vAA3Q/v2JOaDj/WMn9SPgI4wCwyrNJu
+ 6zpa4e/Q2sLNSnKAF329sULLLABfGAe2C4rTqyXxa4dXjNTJS3bcGIwl62FWJAxCeMDs
+ AWV47hIZRwfniGMx27wOgRHhKd28w1VLOOGWdReRgMPN54YWKgpOGruc0VquMG7gM7HZ
+ 71J9/mK0/6iWRKbFI2o/LIG9LkfwBt8u2Etk2HwTH87WCqM1cNHDAo8L15fTiUAWVoEr
+ 4Xjg==
+X-Gm-Message-State: AE9vXwPEgDGK22nYH37J2eFS3/77/1OQbZZu/JrrBcJlVIeWZduGEHp57HY29u8B2bn+Iw==
+X-Received: by 10.66.7.33 with SMTP id g1mr11478875paa.92.1473468870052;
+ Fri, 09 Sep 2016 17:54:30 -0700 (PDT)
+Received: from ?IPv6:2601:600:9000:d69e:bd08:99e3:bd72:407b?
+ ([2601:600:9000:d69e:bd08:99e3:bd72:407b])
+ by smtp.gmail.com with ESMTPSA id 3sm7825464pfz.33.2016.09.09.17.54.28
+ (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
+ Fri, 09 Sep 2016 17:54:29 -0700 (PDT)
+From: Eric Voskuil <eric@voskuil.org>
+Content-Type: text/plain;
+ charset=us-ascii
+Content-Transfer-Encoding: quoted-printable
+Mime-Version: 1.0 (1.0)
+Message-Id: <474CB187-0642-452C-AE1B-00D46FAE8BAF@voskuil.org>
+Date: Fri, 9 Sep 2016 17:54:28 -0700
+References: <CAAS2fgTYOUSm07N4NYDCsjjwSbAo_ye84UvbQF--3JzhLHkG0Q@mail.gmail.com>
+In-Reply-To: <CAAS2fgTYOUSm07N4NYDCsjjwSbAo_ye84UvbQF--3JzhLHkG0Q@mail.gmail.com>
+To: Gregory Maxwell <greg@xiph.org>,
+ Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
+X-Mailer: iPhone Mail (13G35)
+X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,DKIM_SIGNED,
+ DKIM_VALID, MIME_QP_LONG_LINE,
+ RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1
+X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
+ smtp1.linux-foundation.org
+X-Mailman-Approved-At: Sat, 10 Sep 2016 01:17:17 +0000
+Subject: Re: [bitcoin-dev] Completing the retirement of the alert system
+X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
+X-Mailman-Version: 2.1.12
+Precedence: list
+List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
+List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
+ <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
+List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
+List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
+List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
+List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
+ <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
+X-List-Received-Date: Sat, 10 Sep 2016 00:54:31 -0000
+
+ACK
+
+libbitcoin defines the message and includes the public key but only for comp=
+leteness and reference purposes. It has never been used in the node.
+
+e
+
+> On Sep 9, 2016, at 5:42 PM, Gregory Maxwell via bitcoin-dev <bitcoin-dev@l=
+ists.linuxfoundation.org> wrote:
+>=20
+> The alert system was a centralized facility to allow trusted parties
+> to send messages to be displayed in wallet software (and, very early
+> on, actually remotely trigger the software to stop transacting).
+>=20
+> It has been removed completely in Bitcoin Core after being disabled for a w=
+hile.
+>=20
+> While the system had some potential uses, there were a number of
+> problems with it.
+>=20
+> The alert system was a frequent source of misunderstanding about the
+> security model and 'effective governance', for example a years ago a
+> BitcoinJ developer wanted it to be used to control fee levels on the
+> network and few months back one of Bloq's staff was pushing for a
+> scheme where "the developers" would use it to remotely change the
+> difficulty-- apparently with no idea how abhorrent others would find
+> it.
+>=20
+> The system also had a problem of not being scalable to different
+> software vendors-- it didn't really make sense that core would have
+> that facility but armory had to do something different (nor would it
+> really make sense to constantly have to maintain some list of keys in
+> the node software).
+>=20
+> It also had the problem of being unaccountable. No one can tell which
+> of the key holders created a message. This creates a risk of misuse
+> with a false origin to attack someone's reputation.
+>=20
+> Finally, there is good reason to believe that the key has been
+> compromised-- It was provided to MTGox by a developer and MTGox's
+> systems' were compromised and later their CEO's equipment taken by the
+> Japanese police.
+>=20
+> In any case, it's gone now in Core and most other current software--
+> and I think it's time to fully deactivate it.
+>=20
+> I've spent some time going around the internet looking for all
+> software that contains this key (which included a few altcoins) and
+> asked them to remove it. I will continue to do that.
+>=20
+> One of the facilities in the alert system is that you can send a
+> maximum sequence alert which cannot be overridden and displays only a
+> static key compromise text message and blocks all other alerts. I plan
+> to send a triggering alert in the not-distant future (exact time to be
+> announced well in advance) feedback on timing would be welcome.
+>=20
+> There are likely a few production systems that automatically shut down
+> when there is an alert, so this risks some small one-time disruption
+> of those services-- but none worse than if an alert were sent to
+> advise about a new system upgrade.
+>=20
+> At some point after that, I would then plan to disclose this private
+> key in public, eliminating any further potential of reputation attacks
+> and diminishing the risk of misunderstanding the key as some special
+> trusted source of authority.
+>=20
+> Cheers,
+> _______________________________________________
+> bitcoin-dev mailing list
+> bitcoin-dev@lists.linuxfoundation.org
+> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
+