Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192] helo=mx.sourceforge.net) by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1Z25ve-0000eo-Tf for bitcoin-development@lists.sourceforge.net; Mon, 08 Jun 2015 22:54:02 +0000 Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.217.182 as permitted sender) client-ip=209.85.217.182; envelope-from=kristovatlas.lists@gmail.com; helo=mail-lb0-f182.google.com; Received: from mail-lb0-f182.google.com ([209.85.217.182]) by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1Z25vd-0005Bm-I3 for bitcoin-development@lists.sourceforge.net; Mon, 08 Jun 2015 22:54:02 +0000 Received: by lbbqq2 with SMTP id qq2so841456lbb.3 for ; Mon, 08 Jun 2015 15:53:55 -0700 (PDT) MIME-Version: 1.0 X-Received: by 10.112.201.74 with SMTP id jy10mr19429838lbc.94.1433804035165; Mon, 08 Jun 2015 15:53:55 -0700 (PDT) Received: by 10.152.163.98 with HTTP; Mon, 8 Jun 2015 15:53:54 -0700 (PDT) In-Reply-To: <20150607023523.GB1570@savin.petertodd.org> References: <44BE16F9-AB24-4A8E-BC7F-03A6C590FCE7@gmail.com> <20150607023523.GB1570@savin.petertodd.org> Date: Mon, 8 Jun 2015 18:53:54 -0400 Message-ID: From: Kristov Atlas To: Peter Todd Content-Type: multipart/alternative; boundary=001a11c36c963194ab05180984f5 X-Spam-Score: -0.6 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (kristovatlas.lists[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 1.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1Z25vd-0005Bm-I3 Cc: Bitcoin development mailing list Subject: Re: [Bitcoin-development] Lexicographical Indexing of Transaction Inputs and Outputs X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 Jun 2015 22:54:02 -0000 --001a11c36c963194ab05180984f5 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Hey Peter, thanks for your experienced feedback. On Sat, Jun 6, 2015 at 10:35 PM, Peter Todd wrote: > Why mention SIGHASH_SINGLE at all? Its use-case is highly specialized > protocols; you haven't taken into account the needs of those protocols. > For BIP's it's better to stick to the use-cases where the need is clear > and there exists running code that to speculate too much on future uses. > With signature hashing in particular it's not yet clear at all what > future OP_CHECKSIG's will look like, let alone the various ways people > will use sighash for smart contract type stuff. > > You'd be better off presenting the BIP in terms of a generic statement > that "except when otherwise prevented by advanced signature hashing > requirements, wallet software must emit transactions sorted according to > the following" You can then specify the two common cases in detail: > > 1) SIGHASH_ALL: input and output order signed, so sort appropriately > > 2) SIGHASH_ANYONECANPAY: input order not signed, so software should emit > transactions sorted, recognising that the actual mined order may be > changed. > That makes sense. I updated the language as follows -- your thoughts? Keep in mind this BIP is informational, and so people are free to ignore it. "Applicability: This BIP applies to all transactions of signature hash type SIGHASH_ALL. Additionally, software compliant with this BIP that allows later parties to update the transaction (e.g. using signature hash types SIGHASH_NONE or a variant of SIGHASH_ANYONECANPAY) should emit lexicographically sorted inputs and outputs, although they may later be modified. Transactions that have index dependencies between transactions or within the same transaction are covered under the section of this BIP entitled =E2=80=9CHandling Input/Output Dependencies.=E2=80=9D" > As for IsStandard() rules - let alone soft forks - better to leave > discussion of them out for now. In particular, for the soft-fork case > mandating certain transaction orders will very likely cause problems in > the future for future OP_CHECKSIG upgrades. For SIGHASH_ANYONECANPAY, it > might be appropriate for nodes to enforce a certain ordering, but that > can be a separate BIP. (actually implementing that in Bitcoin Core would > be annoying and ugly right now; without replace-by-fee ANYONECANPAY has > a silly DoS attack (adding low-fee inputs) so I can't recommend wallets > use it in the general case yet) > > "and a sequence number currently set to 0xFFFFFFFF." <- Actually, this > will be changed in Bitcoin Core as of v0.11.0, which implements > anti-fee-sniping w/ nLockTime.(1) (I need to write up a full BIP > describing it) > Thanks for the heads-up; removed. > Do you have a patch implementing deterministic tx ordering for Bitcoin > Core yet? > I'm not a frequent C programmer, so I'd prefer to let someone else take care of it, as a frequent committer of code would do a faster and more stylistically consistent job of it. If no one else will, however, I will. -Kristov --001a11c36c963194ab05180984f5 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Hey Peter, thanks for your experienced feedback.
<= div class=3D"gmail_extra">
On Sat, Jun 6, 201= 5 at 10:35 PM, Peter Todd <pete@petertodd.org> wrote:
Why mention SIGHASH_SINGLE = at all? Its use-case is highly specialized
protocols; you haven't taken into account the needs of those protocols.=
For BIP's it's better to stick to the use-cases where the need is c= lear
and there exists running code that to speculate too much on future uses. With signature hashing in particular it's not yet clear at all what
future OP_CHECKSIG's will look like, let alone the various ways people<= br> will use sighash for smart contract type stuff.

You'd be better off presenting the BIP in terms of a generic statement<= br> that "except when otherwise prevented by advanced signature hashing requirements, wallet software must emit transactions sorted according to the following" You can then specify the two common cases in detail:
1) SIGHASH_ALL: input and output order signed, so sort appropriately

2) SIGHASH_ANYONECANPAY: input order not signed, so software should emit =C2=A0 =C2=A0transactions sorted, recognising that the actual mined order m= ay be
=C2=A0 =C2=A0changed.

That makes sense.= I updated the language as follows -- your thoughts? Keep in mind this BIP = is informational, and so people are free to ignore it.

"Applicability: This BIP applies to all tra= nsactions of signature hash type SIGHASH_ALL. Additionally, =C2=A0software = compliant with this BIP that allows later parties to update the transaction= (e.g. using signature hash types SIGHASH_NONE or a variant of SIGHASH_ANYO= NECANPAY) should emit lexicographically sorted inputs and outputs, although= they may later be modified. Transactions that have index dependencies betw= een transactions or within the same transaction are covered under the secti= on of this BIP entitled =E2=80=9CHandling Input/Output Dependencies.=E2=80= =9D"
=C2=A0
As for IsStandard() rules - let alone soft forks - better to leave
discussion of them out for now. In particular, for the soft-fork case
mandating certain transaction orders will very likely cause problems in
the future for future OP_CHECKSIG upgrades. For SIGHASH_ANYONECANPAY, it might be appropriate for nodes to enforce a certain ordering, but that
can be a separate BIP. (actually implementing that in Bitcoin Core would be annoying and ugly right now; without replace-by-fee ANYONECANPAY has
a silly DoS attack (adding low-fee inputs) so I can't recommend wallets=
use it in the general case yet)

"and a sequence number currently set to 0xFFFFFFFF." <- Actual= ly, this
will be changed in Bitcoin Core as of v0.11.0, which implements
anti-fee-sniping w/ nLockTime.(1) (I need to write up a full BIP
describing it)

Thanks for the heads-up;= removed.
=C2=A0
Do you have a patch implementing deterministic tx ordering for Bitcoin
Core yet?

I'm not a frequent C prog= rammer, so I'd prefer to let someone else take care of it, as a frequen= t committer of code would do a faster and more stylistically consistent job= of it. If no one else will, however, I will.

-Kristov

--001a11c36c963194ab05180984f5--