diff options
| author | Amir Taaki <zgenjix@yahoo.com> | 2012-02-29 09:02:29 -0800 |
|---|---|---|
| committer | bitcoindev <bitcoindev@gnusha.org> | 2012-02-29 17:02:42 +0000 |
| commit | c4dcb8d7c32de72d63928e162f3253d4d1fdb274 (patch) | |
| tree | a6a3643ccc530919b901a7ded2cd9a9caf2f21c4 | |
| parent | 1f9cc81228af6ef624f7693ec731424733d19f43 (diff) | |
| download | pi-bitcoindev-c4dcb8d7c32de72d63928e162f3253d4d1fdb274.tar.gz pi-bitcoindev-c4dcb8d7c32de72d63928e162f3253d4d1fdb274.zip | |
Re: [Bitcoin-development] Duplicate transactions vulnerability
| -rw-r--r-- | a4/e7bb0e17e60920816d16baf912b4af3e548c9f | 126 |
1 files changed, 126 insertions, 0 deletions
diff --git a/a4/e7bb0e17e60920816d16baf912b4af3e548c9f b/a4/e7bb0e17e60920816d16baf912b4af3e548c9f new file mode 100644 index 000000000..6a1c736bb --- /dev/null +++ b/a4/e7bb0e17e60920816d16baf912b4af3e548c9f @@ -0,0 +1,126 @@ +Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194] + helo=mx.sourceforge.net) + by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76) + (envelope-from <zgenjix@yahoo.com>) id 1S2mvK-0001EU-0I + for bitcoin-development@lists.sourceforge.net; + Wed, 29 Feb 2012 17:02:42 +0000 +X-ACL-Warn: +Received: from nm30-vm5.bullet.mail.ne1.yahoo.com ([98.138.91.252]) + by sog-mx-4.v43.ch3.sourceforge.com with smtp (Exim 4.76) + id 1S2mvE-0000sl-9B for bitcoin-development@lists.sourceforge.net; + Wed, 29 Feb 2012 17:02:41 +0000 +Received: from [98.138.90.56] by nm30.bullet.mail.ne1.yahoo.com with NNFMP; + 29 Feb 2012 17:02:29 -0000 +Received: from [98.138.89.194] by tm9.bullet.mail.ne1.yahoo.com with NNFMP; + 29 Feb 2012 17:02:29 -0000 +Received: from [127.0.0.1] by omp1052.mail.ne1.yahoo.com with NNFMP; + 29 Feb 2012 17:02:29 -0000 +X-Yahoo-Newman-Property: ymail-5 +X-Yahoo-Newman-Id: 914322.57462.bm@omp1052.mail.ne1.yahoo.com +Received: (qmail 4193 invoked by uid 60001); 29 Feb 2012 17:02:29 -0000 +X-YMail-OSG: F1OYUs4VM1kGnHo5bVdVDjXrMJ1iYh.qG1gUGbe6ARKZfit + xJ3rTUT080Rn9Cd3lTD2MLEcEFpH6LAmTMqG_c6xJrZSOIfI5gt4P.OYDGnD + Umdq1MHFqA6ePmkfVF4_eHJFdPgTZcdZRkCBIQSaKlX3SKvcqFvmh6bcA6Fe + 4Vbs5879w6QMQvIRQ.o_tj6g2L2UZg8ZXQ0iQshRYLlpV0xoGJ1RQOP0VxtZ + IVd8Kf43I7r0Ku1ZIO3Vq1xb0zGiBiJqkHwyhcUWXAfTqrO5lXxMBX0rGr6O + b2a9pdeLDR0d5aOBQJHpFsoN3v3AIVD.yoGd3HZLdG08Smu7k0vh_lEbgdAU + vRFDEMEaJdczgT2T4RCQs8hLGLzS2fw9Hyk96EoTllYiN2TOGV6GiNAjG04M + ehfNNJWNFlWPJ85ph0pGd_d2pE8_IGxdr6ZgugmD0U10MHVxySDOtq820WzK + McbU9PZcmYJLk9aD5inibsvTrC7aDeMvkSWL010URAVp4uJ6d3Z9us8o2ZPB + 3Jlg30FwIxFsWyY6bTVGYlPVoLCmXh2FEdUWU_5QAjGV1QGLZjbKYJ36gtw- - +Received: from [2.97.161.54] by web121004.mail.ne1.yahoo.com via HTTP; + Wed, 29 Feb 2012 09:02:29 PST +X-Mailer: YahooMailWebService/0.8.116.338427 +References: <CAPg+sBhb+gYMwp1OJuCHYt5=BU63=YBWOFaLLthHBkN_U-scaA@mail.gmail.com> + <CANdZDc7c5D7YmAn7GUO+--9U2Z3Lz-CR9E-QsKriVeMoudeipA@mail.gmail.com> + <20120229164747.GA581@vps7135.xlshosting.net> +Message-ID: <1330534949.81609.YahooMailNeo@web121004.mail.ne1.yahoo.com> +Date: Wed, 29 Feb 2012 09:02:29 -0800 (PST) +From: Amir Taaki <zgenjix@yahoo.com> +To: "bitcoin-development@lists.sourceforge.net" + <bitcoin-development@lists.sourceforge.net> +In-Reply-To: <20120229164747.GA581@vps7135.xlshosting.net> +MIME-Version: 1.0 +Content-Type: multipart/alternative; + boundary="-1562933420-65607732-1330534949=:81609" +X-Spam-Score: 0.6 (/) +X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. + See http://spamassassin.org/tag/ for more details. + -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, + no trust [98.138.91.252 listed in list.dnswl.org] + 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider + (zgenjix[at]yahoo.com) + -0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay + domain 1.0 HTML_MESSAGE BODY: HTML included in message + -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from + author's domain + 0.1 DKIM_SIGNED Message has a DKIM or DK signature, + not necessarily valid + -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature + -0.3 AWL AWL: From: address is in the auto white-list +X-Headers-End: 1S2mvE-0000sl-9B +Subject: Re: [Bitcoin-development] Duplicate transactions vulnerability +X-BeenThere: bitcoin-development@lists.sourceforge.net +X-Mailman-Version: 2.1.9 +Precedence: list +Reply-To: Amir Taaki <zgenjix@yahoo.com> +List-Id: <bitcoin-development.lists.sourceforge.net> +List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>, + <mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe> +List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development> +List-Post: <mailto:bitcoin-development@lists.sourceforge.net> +List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help> +List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>, + <mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe> +X-List-Received-Date: Wed, 29 Feb 2012 17:02:42 -0000 + +---1562933420-65607732-1330534949=:81609 +Content-Type: text/plain; charset=us-ascii + +I support BIP 30. + +I gave it a thought. The other ways of resolving this issue, all have various niggles. This is the best way. + + +________________________________ + From: Pieter Wuille <pieter.wuille@gmail.com> +To: Zooko Wilcox-O'Hearn <zooko@zooko.com> +Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net> +Sent: Wednesday, February 29, 2012 4:47 PM +Subject: Re: [Bitcoin-development] Duplicate transactions vulnerability + +On Tue, Feb 28, 2012 at 06:41:31PM -0700, Zooko Wilcox-O'Hearn wrote: +> Could you spell out the attack explicitly? Presumably there aren't a +> lot of people with the "malice energy" to perform the attack but not +> to figure it out for themselves. I, however, have the "niceness +> energy" to think about it for a few minutes but not to figure it out +> for myself. If in your opinion it is realistically dangerous to post +> it publicly, would you be so kind as to include me in the private +> sharing of the explanation? + +It's not exactly a secret anymore, as the patch also references it. +Russell O'Connor described the attack on his blog: +http://r6.ca/blog/20120206T005236Z.html + +-- +Pieter + +------------------------------------------------------------------------------ +Virtualization & Cloud Management Using Capacity Planning +Cloud computing makes use of virtualization - but cloud computing +also focuses on allowing computing to be delivered as a service. +http://www.accelacomm.com/jaw/sfnl/114/51521223/ +_______________________________________________ +Bitcoin-development mailing list +Bitcoin-development@lists.sourceforge.net +https://lists.sourceforge.net/lists/listinfo/bitcoin-development +---1562933420-65607732-1330534949=:81609 +Content-Type: text/html; charset=us-ascii + +<html><body><div style="color:#000; background-color:#fff; font-family:times new roman, new york, times, serif;font-size:12pt"><div><span>I support BIP 30.</span></div><div><span><br></span></div><div><span>I gave it a thought. The other ways of resolving this issue, all have various niggles. This is the best way.</span></div><div><br></div> <div style="font-size: 12pt; font-family: 'times new roman', 'new york', times, serif; "> <div style="font-size: 12pt; font-family: 'times new roman', 'new york', times, serif; "> <div dir="ltr"> <font size="2" face="Arial"> <hr size="1"> <b><span style="font-weight:bold;">From:</span></b> Pieter Wuille <pieter.wuille@gmail.com><br> <b><span style="font-weight: bold;">To:</span></b> Zooko Wilcox-O'Hearn <zooko@zooko.com> <br><b><span style="font-weight: bold;">Cc:</span></b> Bitcoin Dev <bitcoin-development@lists.sourceforge.net> <br> <b><span style="font-weight: bold;">Sent:</span></b> Wednesday, + February 29, 2012 4:47 PM<br> <b><span style="font-weight: bold;">Subject:</span></b> Re: [Bitcoin-development] Duplicate transactions vulnerability<br> </font> </div> <br> +On Tue, Feb 28, 2012 at 06:41:31PM -0700, Zooko Wilcox-O'Hearn wrote:<br>> Could you spell out the attack explicitly? Presumably there aren't a<br>> lot of people with the "malice energy" to perform the attack but not<br>> to figure it out for themselves. I, however, have the "niceness<br>> energy" to think about it for a few minutes but not to figure it out<br>> for myself. If in your opinion it is realistically dangerous to post<br>> it publicly, would you be so kind as to include me in the private<br>> sharing of the explanation?<br><br>It's not exactly a secret anymore, as the patch also references it.<br>Russell O'Connor described the attack on his blog:<br>http://r6.ca/blog/20120206T005236Z.html<br><br>-- <br>Pieter<br><br>------------------------------------------------------------------------------<br>Virtualization & Cloud Management Using Capacity Planning<br>Cloud computing makes use of virtualization - but cloud + computing <br>also focuses on allowing computing to be delivered as a service.<br>http://www.accelacomm.com/jaw/sfnl/114/51521223/<br>_______________________________________________<br>Bitcoin-development mailing list<br><a ymailto="mailto:Bitcoin-development@lists.sourceforge.net" href="mailto:Bitcoin-development@lists.sourceforge.net">Bitcoin-development@lists.sourceforge.net</a><br><a href="https://lists.sourceforge.net/lists/listinfo/bitcoin-development" target="_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-development</a><br><br><br> </div> </div> </div></body></html> +---1562933420-65607732-1330534949=:81609-- + + |