author | Peter Todd <pete@petertodd.org> | 2024-03-27 18:04:46 +0000 |
---|---|---|
committer | bitcoindev <bitcoindev@googlegroups.com> | 2024-03-27 11:26:31 -0700 |
commit | 460d9ddc96e4156bf77ba1310bd64d291eb91077 (patch) | |
tree | 140f893f9d7a35293ed604cdb45fa57c3d7f1015 | |
parent | c03d1108f21cd2d5633104f7684766a01d9374c7 (diff) | |
download | pi-bitcoindev-460d9ddc96e4156bf77ba1310bd64d291eb91077.tar.gz pi-bitcoindev-460d9ddc96e4156bf77ba1310bd64d291eb91077.zip |
Re: [bitcoindev] A Free-Relay Attack Exploiting RBF Rule #6
-rw-r--r-- | 03/7d146569ce2db520df6ccb37a2ce02464954b9 | 228 |
1 files changed, 228 insertions, 0 deletions
diff --git a/03/7d146569ce2db520df6ccb37a2ce02464954b9 b/03/7d146569ce2db520df6ccb37a2ce02464954b9 new file mode 100644 index 000000000..7b731cb2b --- /dev/null +++ b/03/7d146569ce2db520df6ccb37a2ce02464954b9 
@@ -0,0 +1,228 @@ +Delivery-date: Wed, 27 Mar 2024 11:26:31 -0700 +Received: from mail-oi1-f184.google.com ([209.85.167.184]) + by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + (Exim 4.94.2) + (envelope-from <bitcoindev+bncBDRYHVHZTUGRBUGJSGYAMGQEGDTNJEI@googlegroups.com>) + id 1rpXyp-0007Aw-H8 + for bitcoindev@gnusha.org; Wed, 27 Mar 2024 11:26:31 -0700 +Received: by mail-oi1-f184.google.com with SMTP id 5614622812f47-3c3e1f6ce0fsf192924b6e.1 + for <bitcoindev@gnusha.org>; Wed, 27 Mar 2024 11:26:31 -0700 (PDT) +ARC-Seal: i=2; a=rsa-sha256; t=1711563985; cv=pass; + d=google.com; s=arc-20160816; + b=B0lcM3iMiddhUE75aWBEQnt+uWZ4DqeaD3X5ETvSNRt/xnDPaeoKf56DPenc7ElJgo + aA8XqeaTZl34mOGYjksi65otmzFLCdl3PlGyYTAh+KIr3dHzUdSgeA/jPkcuK9Diuja1 + VueVUSlO34Pe3kqgukFPKbdYrJap2hlHEG6FFUxLzw/ClPIB44nHy7bV6hLbo7fxvxpc + y8t+BkU5iBVfymDFnK2I2lCvi6sUs88hsqwzkVhds2Ft/9/7R0icUwjIB7SOs7yGfk5Y + CBnkS+ZV/FKmWfCv4yVkwNmp4MKYAr99f+fKDGMQ+WhH8u+E1QAb6L+vPpD+S2JshfwN + xIVA== +ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; + h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post + :list-id:mailing-list:precedence:in-reply-to:content-disposition + :mime-version:references:message-id:subject:cc:to:from:date + :feedback-id:sender:dkim-signature; + bh=BSSL1IVsbEXIsu8gT+pVqQAa2+Gtf0T/i0EEX4OoOEY=; + fh=X7s6JDURtymzz6g3zEs9tJV945Y7vXrW24C0JVVXnT4=; + b=qRC+3f5t9AWTJW7HObB+/RXKIRTUGglSIo9H8odh0pfMe+Ma4X6d6bcyPMreo3VJfT + mZDU9fFAtZ8mZbBVw6ge3/99CHpXz8ZQVgyo/gW8yqatVdwZeR9nn90iz9IVuMySYEb6 + fhNAo+LLnsrn7raMewu9oyzqxf0lNu0RA2VVmysUfkypifKLei6tqQje0TEHmZFjzDjg + E4DQZNuR0LTGTP9s2WgpNie7iGV4iWJa43JrNiTaS6xDYHTqYVSC95i0cjM/BxQy+KRc + IVvqjtRLe3QngKlCoFJkfnBT1bOd1pipBLyhYYHCJ8vb6S8CIPZ/lZq7kDIE3AqMjszS + 1XRg==; + darn=gnusha.org +ARC-Authentication-Results: i=2; gmr-mx.google.com; + dkim=pass header.i=@messagingengine.com header.s=fm2 header.b=lCYMKAgr; + spf=pass (google.com: domain of pete@petertodd.org 
designates 64.147.123.24 as permitted sender) smtp.mailfrom=pete@petertodd.org +DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; + d=googlegroups.com; s=20230601; t=1711563985; x=1712168785; darn=gnusha.org; + h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post + :list-id:mailing-list:precedence:x-original-authentication-results + :x-original-sender:in-reply-to:content-disposition:mime-version + :references:message-id:subject:cc:to:from:date:feedback-id:sender + :from:to:cc:subject:date:message-id:reply-to; + bh=BSSL1IVsbEXIsu8gT+pVqQAa2+Gtf0T/i0EEX4OoOEY=; + b=o4Pv/GGGOAjNFXoPtatB10Wa658FDJ+lQNFK9CFmwVyNaHDLpXiblTC87NqBj9IWQo + 27OVQ1YyyPveXZKN+u9YWTwr6jLlH5MXfPODPibxsjwbfG0xVlgjZTXsLTYLM4wmhGGN + n9A8zGIhf+GvexTQOBsV4WAgBHRCRGDZ8RLu9H14HRbViluJtxOukI+NAKkwWp2F7i2C + HzJpjbVsXHVrcTFX0Uv/SBlWwqBf10iJrA/emYZekxFjtdkiu4Q/guOP3Cz51KwJMKnG + yNhRXJAUdExI6vuAuDBl9YMUk55Eix98xuDyPj9Ik0BOcNoZTJ+Ld5Fl1fCi2a2nk9QD + llOA== +X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; + d=1e100.net; s=20230601; t=1711563985; x=1712168785; + h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post + :list-id:mailing-list:precedence:x-original-authentication-results + :x-original-sender:in-reply-to:content-disposition:mime-version + :references:message-id:subject:cc:to:from:date:feedback-id + :x-beenthere:x-gm-message-state:sender:from:to:cc:subject:date + :message-id:reply-to; + bh=BSSL1IVsbEXIsu8gT+pVqQAa2+Gtf0T/i0EEX4OoOEY=; + b=tSP9+WlegeFFL9BSLwXSoZdKfdncW7dJVYPmyW6WisC8wRKRR0KQTrDISeZWeCoqJw + zHLp7s8LGNYwXiNLGoLwxI2reRznoJ+JTS7U8icbsC38z4BPTIsPiEqjxKW+J0h3a1KF + vXKrKwXO5YdYmx1d3X/WoBZYAU/ddHN+1rFqVUKWMvjSJFJaRCCoq2A5c20GyUtJJoUm + AzSzyVyOQCRqj6Byq231Z7/UDbM/zpLXgnlevdVK0T2IQgKEL9mDJtgR7lU+QFVxbM2C + /zNghRRrp1lf/FtN17QTBPp0QQunCsXT9TFd1APm5DrLEMieLX4ushiXJ1y0Ybjokxpo + IqHA== +Sender: bitcoindev@googlegroups.com +X-Forwarded-Encrypted: i=2; 
AJvYcCVVXEai7TTQQ78iJOQQDP0gp5YoH7czlv2S21ZWFsEhIltxE970oyvsGJE65wU8Qenhf87zURP68crNDcoVOd649OkHmWM= +X-Gm-Message-State: AOJu0YzX9ddKf95QLSz9cQvr6yFwCG2e7/D1ccUyIXoAkTpmXgejnyi/ + 3mWSgTdnrkPEAK8qs391NX8QGVVp3WnLrbQHcUvOIYGcbZrJPr3w +X-Google-Smtp-Source: AGHT+IFX5GHNvWBZHooIC3zULGjZhjKUJd2tyLwSGBUfzYpBhkNnH5hKfjerX7qLFsyJqoKoIOEAoQ== +X-Received: by 2002:a05:6808:2905:b0:3c3:bd8b:b475 with SMTP id ev5-20020a056808290500b003c3bd8bb475mr686252oib.32.1711563985398; + Wed, 27 Mar 2024 11:26:25 -0700 (PDT) +X-BeenThere: bitcoindev@googlegroups.com +Received: by 2002:ac8:5bc4:0:b0:431:3419:79ef with SMTP id b4-20020ac85bc4000000b00431341979efls283759qtb.0.-pod-prod-07-us; + Wed, 27 Mar 2024 11:26:24 -0700 (PDT) +X-Received: by 2002:a05:622a:1ce:b0:431:3069:f1b8 with SMTP id t14-20020a05622a01ce00b004313069f1b8mr21922qtw.10.1711563984522; + Wed, 27 Mar 2024 11:26:24 -0700 (PDT) +Received: by 2002:a05:620a:2953:b0:78a:59df:2777 with SMTP id af79cd13be357-78b8a9a4eb1ms85a; + Wed, 27 Mar 2024 11:04:53 -0700 (PDT) +X-Received: by 2002:a05:6214:4a5c:b0:696:72ac:b84f with SMTP id ph28-20020a0562144a5c00b0069672acb84fmr270309qvb.10.1711562692858; + Wed, 27 Mar 2024 11:04:52 -0700 (PDT) +ARC-Seal: i=1; a=rsa-sha256; t=1711562692; cv=none; + d=google.com; s=arc-20160816; + b=oFuQckSUT2udZQ+OmZZTIwWVsgseqG4a/e3a+BaMLFSFxCBd+F+f0o8PGhbJ6maI5k + MAi86KDpXjYwBeMCUEw8IaDFpbLO8sw9IzaeYRYIFJBiorkOzuMLOXAn05RHh+0ICvPi + PsCqqyg6pbnkWriWNHuiBD6sgajMA4imADiaMMLBoy2+rOIJKE6/iH8uwuzzm3AUkPHY + N2KJm6fGA+2LKXr5lUVya0POyT5RKBCXgQ0t50ptnmMwHPcGC8GYQI/JbfcDGldLc0BH + oQ0W17839apnoImtm/dm+H5f7+uZ1Ez8tkK+4zHtFfAgxWZEeCzHlW2GGQ44XyxmkSIE + bChQ== +ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; + h=in-reply-to:content-disposition:mime-version:references:message-id + :subject:cc:to:from:date:feedback-id:dkim-signature; + bh=ZmiS4Gop8l28ZBfcjtPAL9YbaWiawiuBQm0iOD5tGPQ=; + fh=qAkUFgesXJOBZlEhHhc6qjOrC9x9vwcQK9K5cSmyNz0=; + 
b=Imk7UA5Bb9+toZO0A77uSSpzll9XClDJ8+zYaWm5Y/FuRpmOcPUam3EwYBgs9twQL7 + Au/54EwI2WDcitpO7DsLGL7eOkSXocYJuTrP4RjOxbQyyBL4zaETySVYyiV1Qjwgys8C + AIkoyOksmHGcqco4leKWNkIuZkZleVZV92AxJ21MYSq5Vhrxf2LwdIU3gToBHzwD8M3y + GARRKx35AUPeFD15XXrwkuRls+9drRhM8SVDwhWkQCWTRR0Huxz5moBqKkCSal8HH3fj + 9UwjylwmgFGXZU0SQy5Y3kZeuDfxOGaEzUaeoCMBz2oQ/xQch/T49UYq6QBb/w1YmdRr + qnLQ==; + dara=google.com +ARC-Authentication-Results: i=1; gmr-mx.google.com; + dkim=pass header.i=@messagingengine.com header.s=fm2 header.b=lCYMKAgr; + spf=pass (google.com: domain of pete@petertodd.org designates 64.147.123.24 as permitted sender) smtp.mailfrom=pete@petertodd.org +Received: from wout1-smtp.messagingengine.com (wout1-smtp.messagingengine.com. [64.147.123.24]) + by gmr-mx.google.com with ESMTPS id ep20-20020a05621418f400b0069694f92763si343626qvb.4.2024.03.27.11.04.52 + for <bitcoindev@googlegroups.com> + (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); + Wed, 27 Mar 2024 11:04:52 -0700 (PDT) +Received-SPF: pass (google.com: domain of pete@petertodd.org designates 64.147.123.24 as permitted sender) client-ip=64.147.123.24; +Received: from compute7.internal (compute7.nyi.internal [10.202.2.48]) + by mailout.west.internal (Postfix) with ESMTP id 68BF43200A00; + Wed, 27 Mar 2024 14:04:51 -0400 (EDT) +Received: from mailfrontend2 ([10.202.2.163]) + by compute7.internal (MEProxy); Wed, 27 Mar 2024 14:04:51 -0400 +X-ME-Sender: <xms:wl8EZv3K3J7TIps07Rtr8bjRIxCGFx4hImc0f8ocWk9wI6mfyJ5xpQ> + <xme:wl8EZuHXk9HxQxO2GK43D7yG_YYCu2L5fvhejiK2oS7Za_KKn_qqbxSrvLT9aAvDH + i_g9ECWX2ASPyt7804> +X-ME-Received: <xmr:wl8EZv5osyhbGGWunqSH7RrO5SxQZxXWPX2-7vMcFzx0Gevak3Ab8qn1hQ> +X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvledrudduiedgkeegucetufdoteggodetrfdotf + fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen + uceurghilhhouhhtmecufedttdenucenucfjughrpeffhffvvefukfhfgggtuggjsehgtd + orredttddvnecuhfhrohhmpefrvghtvghrucfvohguugcuoehpvghtvgesphgvthgvrhht + 
ohguugdrohhrgheqnecuggftrfgrthhtvghrnhepuddtffelkeeitdefgfetfeejhfffie + ffveelgedthfeufeefjeevleejkeefhfeinecuffhomhgrihhnpehpvghtvghrthhouggu + rdhorhhgnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomh + epphgvthgvsehpvghtvghrthhouggurdhorhhg +X-ME-Proxy: <xmx:wl8EZk1Uw9emEEu0ODFsrX3Y_sgltZpzrwJmH0-uNheItCgHXTY1gw> + <xmx:wl8EZiHXJxUlYOtb0eGJEXXhIMm3Xpok3JCJEImyOIeJfXVPWNKnNQ> + <xmx:wl8EZl_bkD7TRHKJ0j-Pe1Eh4KDyk_TnfkQoAQ2P3iqs5xJjzYtnKw> + <xmx:wl8EZvlS9tjhYIAoivlR73JsxXZP001WJOfzPtjwZuv3bJ9s8VIuDw> + <xmx:wl8EZvMjUUN_qNadhEp7O3o9HowH7w7UwVhUYe_01lZ0dKO_9k3LTA> +Feedback-ID: i525146e8:Fastmail +Received: by mail.messagingengine.com (Postfix) with ESMTPA; Wed, + 27 Mar 2024 14:04:50 -0400 (EDT) +Received: by localhost (Postfix, from userid 1000) + id 52C035F834; Wed, 27 Mar 2024 18:04:46 +0000 (UTC) +Date: Wed, 27 Mar 2024 18:04:46 +0000 +From: Peter Todd <pete@petertodd.org> +To: "David A. Harding" <dave@dtrt.org> +Cc: bitcoindev@googlegroups.com +Subject: Re: [bitcoindev] A Free-Relay Attack Exploiting RBF Rule #6 +Message-ID: <ZgRfvrYatcpqPNRn@petertodd.org> +References: <f7fbeb4f58904fc5a24b6fc2d829036c@dtrt.org> +MIME-Version: 1.0 +Content-Type: multipart/signed; micalg=pgp-sha512; + protocol="application/pgp-signature"; boundary="WIB19lrcLw7AqMfT" +Content-Disposition: inline +In-Reply-To: <f7fbeb4f58904fc5a24b6fc2d829036c@dtrt.org> +X-Original-Sender: pete@petertodd.org +X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass + header.i=@messagingengine.com header.s=fm2 header.b=lCYMKAgr; spf=pass + (google.com: domain of pete@petertodd.org designates 64.147.123.24 as + permitted sender) smtp.mailfrom=pete@petertodd.org +Precedence: list +Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com +List-ID: <bitcoindev.googlegroups.com> +X-Google-Group-Id: 786775582512 +List-Post: <https://groups.google.com/group/bitcoindev/post>, <mailto:bitcoindev@googlegroups.com> +List-Help: 
<https://groups.google.com/support/>, <mailto:bitcoindev+help@googlegroups.com> +List-Archive: <https://groups.google.com/group/bitcoindev +List-Subscribe: <https://groups.google.com/group/bitcoindev/subscribe>, <mailto:bitcoindev+subscribe@googlegroups.com> +List-Unsubscribe: <mailto:googlegroups-manage+786775582512+unsubscribe@googlegroups.com>, + <https://groups.google.com/group/bitcoindev/subscribe> +X-Spam-Score: -0.8 (/) + + +--WIB19lrcLw7AqMfT +Content-Type: text/plain; charset="UTF-8" +Content-Disposition: inline + +On Wed, Mar 27, 2024 at 07:18:08AM -1000, David A. Harding wrote: +> On 2024-03-27 02:10, Peter Todd wrote: +> > On Tue, Mar 26, 2024 at 08:36:45AM -1000, David A. Harding wrote: +> > > Could you tell us more about the disclosure process you followed? +> > +> > see attached. +> +> Do I correctly infer from this that you privately reported the attack on +> Thursday around 15:46 UTC, didn't receive any replies in four days +> (including a weekend), and published the attack on Monday at 13:21 UTC? +> +> That's a very short timeline to use for going public due to not receiving a +> response. I think it's typical to give triage at least 30 days to respond, +> often while also prompting them additional times for a response if +> necessary. + +I'm on the bitcoin-security mailing list. Every single plausible issue that has +been raised in the past few years has gotten a response within two days. A few +days is plenty of time to at least respond with a simple "give us more time" if +needed. + +Secondly, I was able to verify independently that the relevant people had seen +the email and weren't planning on replying. Which isn't surprising. It's just +another way to perform an obvious, well known, class of attack. + +Anyway, I think the lesson to be learned here is I'd have been better off not +disclosing to bitcoin-security first. You're just harassing me here; I highly +suspect you'd have said nothing at all if I hadn't brought up disclosure. 
+ +-- +https://petertodd.org 'peter'[:-1]@petertodd.org + +-- +You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group. +To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com. +To view this discussion on the web visit https://groups.google.com/d/msgid/bitcoindev/ZgRfvrYatcpqPNRn%40petertodd.org. + +--WIB19lrcLw7AqMfT +Content-Type: application/pgp-signature; name="signature.asc" + +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEE0RcYcKRzsEwFZ3N5Lly11TVRLzcFAmYEX7wACgkQLly11TVR +LzdUvRAAnEHqY8tv/fTwr1iaFRJ4GsfcHxeY86z5DOxtBcIUnh/21n2fN3wEXMW0 +sgMo0Zky2eKfciOukT8Waqiudaijed91KA2fFc3A53Cuhyufkn1HaQHOTpToVGbL +VLWM0CEXltc0mQA1Yzj1BHa6UWJB/EbD4hdRdVcygbcsYgcl9+w22ghIHmtDAoEo +BpO396x0KYnBUDZzozib6v/b+9LcnXnDCf6Pgicj+gIu3ymFT48XPT9d972jG9y2 +jb3SXYVVOcSg4AI7Tz1vwN+5wK84assLJFvkrmMqDaP6lHPCiSWquLkNqFrQGZxA +XXgoqCfdJc0pzH7t+QPt10mDXq8b/jZjWDGs7NN3Or4/dAgMb/HswgojGghMKJOF +zUc6YcooB0QynuKmQ9g4BcGySo5flB/nArtoHLZ/Ru/PySO0sns+KTTAtb16N+VD +FKHv7f8QXispApOZ//dG9SoZMQHSfGDjX92I+3EdEvVdD5dt0i2ET/wNohSQHWn9 +W7KHa8kAXFibEytsrWOSrwBPBToKFwuQFjbdyFAZPLoZdYVOoQJ3PIXKPiRXWIqr +Wck//SfIAyH6ovyhnbxjqQxGVUlJcSVk5KeRJFvj1Umn45rDmYOgyog8oXWxdc3U +7zZDW7h5PdQb0XUHxRnTYL/eT/Rrr6DqXl+AWZk8eBQqLcKrSx4= +=LTSb +-----END PGP SIGNATURE----- + +--WIB19lrcLw7AqMfT-- + |
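Review bot: the Google Groups footer ("You received this message because you are subscribed ...") sits inside the first MIME part, between the author's signature line and the `--WIB19lrcLw7AqMfT` boundary that opens the `application/pgp-signature` part, so the archived message will not verify against the detached PGP/MIME signature (micalg=pgp-sha512) unless that appended footer is stripped before verification. The message is still usable as evidence of provenance via the recorded `dkim=pass` and `spf=pass` results in ARC-Authentication-Results and X-Original-Authentication-Results, but anyone relying on the PGP signature for the body text should be aware the list modified the signed part after signing; it would help to document this in the archive so the stored file is not mistaken for a pristine signed copy.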