Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id CDFF2F5A; Tue, 3 Jul 2018 12:05:20 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-wm0-f66.google.com (mail-wm0-f66.google.com [74.125.82.66]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 80400704; Tue, 3 Jul 2018 12:05:19 +0000 (UTC) Received: by mail-wm0-f66.google.com with SMTP id b188-v6so2065344wme.3; Tue, 03 Jul 2018 05:05:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:in-reply-to:references:date:message-id :mime-version; bh=MZCi9zgt/kcTVzWqq7yQdSri+MjCYuTfgb+O1kkYH1Y=; b=Q7PB9+qVj7YWAD7/jQ+JUoAF0VDnm6BErM3zSGW5j3koxsZBt2UTSxF8ZsI0rZAO1u 4irFkA+YI/ymZ2czUwBxiJ5ULvZYbgzv2NIAbyOubwEEHGBKYiBJP8w7kaAIK8fk69Tp iNsetEGcrug4eMVj35bQnF5uyJPmbJc4iAeTwyN39cw0A1qtdv3gJIeqDtqHtCBj0ZEU bLekaoOqyWMpRBTsEo8FjdHVwU8JxLuWoyJDvoSjQ6ebYcyAG73gBK8tOGb85EZc36W1 3wGZlHTsUFkPQOKCLsIw9ORkbIk1+KeD6E1B9C8du6gfw0hXZDQUGN0JqueSlI987mXT QOOA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:in-reply-to:references:date :message-id:mime-version; bh=MZCi9zgt/kcTVzWqq7yQdSri+MjCYuTfgb+O1kkYH1Y=; b=d5SHh+ZD1uvTElROmnSMFEq4JLvg6/S0C+poFQ9YnY4HMFZG8iQbru2cNFTYaP7ecV DLMZxFYCMk9ftV+lm1q/h+2RcC3h3BLkuJt/xYtTqiKF/TDrWZGEqqcAqHLGvilCyWzd j9CV6gXTBGt7GIgoItAuubofijCZ6SoCKC10Jc4WJKcjL01vqhuoBbT4LXIosscr22nm mSPrs1KqLNusM4QWdZ1SxJRv6/urPd6liObU45uKQdaywPxLU3okaUsx/ou95V2BlsIR dLwqRs39oTtiqqI0t1b3tyBy3wRt2mphiejDp3t9OODR+jFB3N96MX8AtOMitoNL8rkU 8hDg== X-Gm-Message-State: APt69E2V57d7B4LsUkqs83PyS/UXJ+fMyvZzfgy8psOcdG0pWPFKoSB4 TvSQ/Zi8TOX1V0ATB0OAW1c= X-Google-Smtp-Source: AAOMgpf5rNwSYUwD0Q2OZZAKVP5p9xlcAYbX44uI/NpJWCWH3s7ky1a35dh18M/ve3vhm/Uwm2425Q== X-Received: by 2002:a1c:3c4:: with SMTP id 187-v6mr9984828wmd.96.1530619518108; Tue, 03 Jul 2018 05:05:18 -0700 (PDT) Received: from localhost ([89.180.169.210]) by smtp.gmail.com with ESMTPSA id 125-v6sm2267476wmw.9.2018.07.03.05.05.16 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 03 Jul 2018 05:05:16 -0700 (PDT) From: Christian Decker To: Gregory Maxwell , Bitcoin Protocol Discussion In-Reply-To: References: <871sewirni.fsf@gmail.com> Date: Tue, 03 Jul 2018 14:05:09 +0200 Message-ID: <871sckjzii.fsf@gmail.com> MIME-Version: 1.0 Content-Type: text/plain X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Cc: lightning-dev@lists.linuxfoundation.org Subject: Re: [bitcoin-dev] BIP sighash_noinput X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Jul 2018 12:05:20 -0000 Gregory Maxwell writes: > I know it seems kind of silly, but I think it's somewhat important > that the formal name of this flag is something like > "SIGHASH_REPLAY_VULNERABLE" or likewise or at least > "SIGHASH_WEAK_REPLAYABLE". This is because noinput is materially > insecure for traditional applications where a third party might pay to > an address a second time, and should only be used in special protocols > which make that kind of mistake unlikely. Otherwise, I'm worried > that wallets might start using this sighash because it simplifies > handling malleability without realizing that when a third party reuses > a script pubkey, completely outside of control of the wallet that uses > the flag, funds will be lost as soon as a troublemaker shows up (but > not, sadly, in testing). This sort of risk is magnified because the > third party address reuser has no way to know that this sighash flag > has (or will) be used with a particular scriptpubkey. Absolutely agree that we should be signaling the danger of using noinput as clearly as possible to developers, and I'm more than happy to adopt the _unsafe suffix suggested by jb55. I think using non-sighash_all sighashes is always a huge danger, as you have correctly pointed out, so maybe we should be marking all of them as being unsafe, or make sure to communicate that danger on a higher level (docs).