Return-Path: Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by lists.linuxfoundation.org (Postfix) with ESMTP id 12E31C0893 for ; Tue, 22 Dec 2020 00:22:51 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 0C5C8873A1 for ; Tue, 22 Dec 2020 00:22:51 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J+j1iWrRoOss for ; Tue, 22 Dec 2020 00:22:49 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from mail-40136.protonmail.ch (mail-40136.protonmail.ch [185.70.40.136]) by hemlock.osuosl.org (Postfix) with ESMTPS id 120F48739E for ; Tue, 22 Dec 2020 00:22:49 +0000 (UTC) Date: Tue, 22 Dec 2020 00:22:37 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wuille.net; s=protonmail2; t=1608596566; bh=Wt3vtYEJZFfcnYaLFj8PjmAluO5U77Udk8Wxlhwjkmw=; h=Date:To:From:Cc:Reply-To:Subject:In-Reply-To:References:From; b=Gh0+nIpxelDGeiekLCID6Q3KffnwWUdGc9Q3RhswrpXAT3n9TAK65kyNhVs90MsSY u4Durg3YuH1kJ69SChWNJlSX3XRWD2SfuvyYuq7vDNxefhBB1N+9fR+B5hUuEJibTJ k4lJuRUIX9Yxq5JnWVDTI+1lKuO9w0plkgNGTpjQgWGOx8eKmMbp3q42wZ+iVt7pls 6nYUrQmAfpbId0P11S5V2Bp3EgsuwjEq6gR7APGDF8GkAPFxogWChjxYIixy2Zvqdy Fj3cHTMWhKGCnHPUNccCiYxF9VpBE7V+/L11NIl9YVQsusbr2HqUxka+mhht1Zljqc 5SYdfBamIhpmQ== To: Pieter Wuille , Bitcoin Protocol Discussion From: Pieter Wuille Reply-To: Pieter Wuille Message-ID: In-Reply-To: References: <20201218152720.GW106279@boulet> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Subject: Re: [bitcoin-dev] BIP-0322 (generic signmessage) improvements X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Dec 2020 00:22:51 -0000 On Monday, December 21, 2020 2:57 PM, Pieter Wuille via bitcoin-dev wrote: > On Sunday, December 20, 2020 9:37 PM, Karl-Johan Alm via bitcoin-dev bitc= oin-dev@lists.linuxfoundation.org wrote: > > > Thanks a lot for taking the time to brush up the BIP. For what it's > > worth, I am all for these changes, and I see them as clear > > improvements all around. > > IIRC Pieter was the one who originally suggested the two-checks > > approach (invalid, inconclusive, valid) which is being modified here, > > so would be good if you chimed in (or not -- which I'll assume means > > you don't mind). > > I agree with the idea of permitting incomplete validators to return incon= clusive as well. That doesn't really reduce the functionality (given that "= inconclusive" was already a potential result), and it obviously makes it mu= ch more accessible to a variety of software. > > This suggestion breaks the original use of inconclusive though: the abili= ty to detect that future features are used in the signature. The idea was t= o use divergence between "consensus valid" and "standardness valid" as a pr= oxy for future extensions to be detected (e.g. OP_NOPn, future witness vers= ions, ...). I think it's undesirable that these things now become unconditi= onally invalid (until the BIP is updated, but once that happens old validat= ors will give a different result than new ones). > > Since the BIP no longer relies on a nebulous concept of standardness, and= instead specifically defines which standardness features are to be conside= red, this seems easy to fix: whenever validation fails due to any of those,= require reporting inconclusive instead of invalid (unless of course someth= ing actually invalid also happens). In practice I guess you'd implement tha= t (in capable validators) by still doing validation twice, once with all fe= atures enabled that distinguish between valid/invalid, and if valid, again = but now with the features enabled that distinguish between valid and (inval= id or inconclusive). Re-reading your proposed text, I'm wondering if the "consensus-only validat= ion" extension is intended to replace the inconclusive-due-to-consensus-and= -standardness-differ state. If so, I don't think it does, and regardless it= doesn't seem very useful. What I'm suggestion could be specified this way: * If validator understands the script: * If signature is consensus valid (as far as the validator knows): * If signature is not known to trigger standardness rules intended for = future extension (well-defined set of rules listed in BIP, and revisable): = return valid * Otherwise: return inconclusive * Otherwise: return invalid * Otherwise: return inconclusive Or in other words: every signature has a well-defined result (valid, invali= d, inconclusive) + validators may choose to report inconclusive for anythin= g they don't understand. This has the property that as long as new consensus rules only change thing= s that were covered under for-future-extension standardness rules, no two v= alidators will ever claim valid and invalid for the same signature. Only va= lid+inconclusive or invalid+inconclusive. Cheers, -- Pieter