Return-Path: <sjors@sprovoost.nl>
Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138])
 by lists.linuxfoundation.org (Postfix) with ESMTP id C2357C000A
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Fri,  9 Apr 2021 15:33:49 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by smtp1.osuosl.org (Postfix) with ESMTP id A2BD684B13
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Fri,  9 Apr 2021 15:33:49 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
X-Spam-Flag: NO
X-Spam-Score: -2.799
X-Spam-Level: 
X-Spam-Status: No, score=-2.799 tagged_above=-999 required=5
 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
 DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001,
 RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001,
 RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001]
 autolearn=ham autolearn_force=no
Authentication-Results: smtp1.osuosl.org (amavisd-new);
 dkim=pass (2048-bit key) header.d=sprovoost.nl header.b="XXJrCWn4";
 dkim=pass (2048-bit key) header.d=messagingengine.com
 header.b="s3i3ibCl"
Received: from smtp1.osuosl.org ([127.0.0.1])
 by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id ihHXVam-n3cw
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Fri,  9 Apr 2021 15:33:48 +0000 (UTC)
X-Greylist: from auto-whitelisted by SQLgrey-1.8.0
Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com
 [66.111.4.28])
 by smtp1.osuosl.org (Postfix) with ESMTPS id 0F7C484ACF
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Fri,  9 Apr 2021 15:33:47 +0000 (UTC)
Received: from compute2.internal (compute2.nyi.internal [10.202.2.42])
 by mailout.nyi.internal (Postfix) with ESMTP id 160725C008D;
 Fri,  9 Apr 2021 11:33:44 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163])
 by compute2.internal (MEProxy); Fri, 09 Apr 2021 11:33:44 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sprovoost.nl; h=
 from:message-id:content-type:mime-version:subject:date
 :in-reply-to:cc:to:references; s=fm2; bh=XgbFzdRxd1K6PKW7PSHBRQl
 bhZdOjUD4TOIwkAIYSNI=; b=XXJrCWn4Hx4BKFXI56eyqqxtA/vm8u1vXsKNwWt
 eoe0dmAmvNMUgNN/AsCPt4iIN+9SMuysZJnaLsKMo6QLl4km1LO56RcgKBWSiDaZ
 Qr1BmN3DXmKE6EyB9OWNtRA9gX7+7V7D3JfHwsqKWY0ybhKkjhLxE3AGX/Ir1Xnz
 q56ZqGr+1nqniGbtzL0SNitJNGwYsUvNS+PwzBL9HylJ16p2BdAUK9j/WODySWsA
 G9kSKZ4tNVOoS465wBcmn7pzLDRKt3YFjeJpLvj3tIOtY51rVZ/B8UMnHZX5L3Bp
 GJ+dQjd783UxeF7gnSJdnkzcm+Gku8JgGkzjgMicHq0npWg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:content-type:date:from:in-reply-to
 :message-id:mime-version:references:subject:to:x-me-proxy
 :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=XgbFzd
 Rxd1K6PKW7PSHBRQlbhZdOjUD4TOIwkAIYSNI=; b=s3i3ibClAMs4nZVXwAtMno
 95bUDh7ezvlpRHZLp2xwP6C0gUv3EbRQxjKbO2DK3GMzMLCcJyG0aIbKZhZueojS
 btZC33NAfL4Or3eQyuQOiDFYQInnucTdJphz8GZsQgrS3bJLpJS5RcG3n//H8+Iy
 mv2WlVdvW/jV9hzaC644P0xrX0dWUGwRMJsFKGeIFk6hUeV+DliDlU3ebvfrQPmb
 qzH2MYXkSjROGuRTWp50rN+KXnfmVwk2zPaKts9w1KiV4QQQGZxnK8jSMlsy2zfX
 gaus31i4B1fOVdwTQAYGWl8Bm1BJvC7fc8m5P9sdN9tv2ZVUJNpnw2JKWlMkP2YQ
 ==
X-ME-Sender: <xms:1nNwYAtjxD7mIq72x9VhNSs4j_y4_KHVDCB2n3Z4cGI1POocml64ag>
 <xme:1nNwYKbLSpZnG2Ia5a4TSAKNnZ_pu9uQ1PyWlR4nb2rolwsT-NmX_XVWqJhGptqD9
 06MXLZ6TY6lZhFL-A>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduledrudekuddgleduucetufdoteggodetrfdotf
 fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
 uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne
 cujfgurhephffktgggufffjgfvfhfosehgtdhmrehhtddvnecuhfhrohhmpefujhhorhhs
 ucfrrhhovhhoohhsthcuoehsjhhorhhssehsphhrohhvohhoshhtrdhnlheqnecuggftrf
 grthhtvghrnhepffevheetieekleelkeegiefhudelieegheeuieelhffhvdeiteevhfef
 heffvddunecukfhppeekiedrkedvrddvudegrddufeegnecuvehluhhsthgvrhfuihiivg
 eptdenucfrrghrrghmpehmrghilhhfrhhomhepshhjohhrshesshhprhhovhhoohhsthdr
 nhhl
X-ME-Proxy: <xmx:13NwYHb3wFa5SBRhQmFa4SOTXwk4igv97Yxqr3vvb_PbXQl1GCxkyg>
 <xmx:13NwYLnvg-v-X3hI0jeJDzP3j3W7QCnUfPdRkoPXc9lhmhUbXplQYw>
 <xmx:13NwYK1F0R1zhv_qRXMEGT3YAGzjVdCvIM0dUQo8_jnlhztkjtbY7A>
 <xmx:2HNwYGmV5vqFzCqxr9NcsTHrPBIsq3ASPqTxpyERZdaD10orutCxmg>
Received: from [192.168.2.10] (86-82-214-134.fixed.kpn.net [86.82.214.134])
 by mail.messagingengine.com (Postfix) with ESMTPA id 462541080057;
 Fri,  9 Apr 2021 11:33:42 -0400 (EDT)
From: Sjors Provoost <sjors@sprovoost.nl>
Message-Id: <FF336476-DCD2-4380-83CC-584DAF7A1D72@sprovoost.nl>
Content-Type: multipart/signed;
 boundary="Apple-Mail=_E9EE833A-59BE-4767-A5C5-38E7F5165619";
 protocol="application/pgp-signature"; micalg=pgp-sha256
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.60.0.2.21\))
Date: Fri, 9 Apr 2021 17:33:31 +0200
In-Reply-To: <CAPKmR9u8zc3C7QmJYg-vg5jcutS07PK-0wdvpzCqMGLgnhHCBA@mail.gmail.com>
To: Bitcoin Dev <bitcoin-dev@lists.linuxfoundation.org>
References: <CAPKmR9uyY70MhmVCh=C9DeyF2Tyxibux1E_bLPo00aW_h+OjLw@mail.gmail.com>
 <CAPKmR9v=RK7byF0z0hKiLiA=Zm3ZZKbu3vEiuBuzQSXFwa+izw@mail.gmail.com>
 <DDAD27D6-57F5-4B39-AADB-B28E04E36D29@sprovoost.nl>
 <CAPKmR9u8zc3C7QmJYg-vg5jcutS07PK-0wdvpzCqMGLgnhHCBA@mail.gmail.com>
X-Mailer: Apple Mail (2.3654.60.0.2.21)
X-Mailman-Approved-At: Fri, 09 Apr 2021 15:47:30 +0000
Cc: marko <marko@shiftcrypto.ch>, aarondongchen@gmail.com,
 Peter Gray <peter@coinkite.com>
Subject: Re: [bitcoin-dev] Proposal: Bitcoin Secure Multisig Setup
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>, 
 <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>, 
 <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Apr 2021 15:33:49 -0000


--Apple-Mail=_E9EE833A-59BE-4767-A5C5-38E7F5165619
Content-Type: multipart/alternative;
	boundary="Apple-Mail=_2E5715EA-C69C-4FBC-BB3B-F794F8DDFC7F"


--Apple-Mail=_2E5715EA-C69C-4FBC-BB3B-F794F8DDFC7F
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

Thanks for the detailed response. Just 1 thing I needed to clarify:

> To the list of concerns at the top of the BIP, I would add one: losing =
multisig setup context. E.g. in the event of a fire where you only =
recover your steel engraved mnemonic(s), but no longer have the wallet =
descriptors.
>=20
> Good point.
>=20
>=20
> If you still have all devices and know (or guess) the threshold then =
BIP48 and sorted_multi descriptors will save you. But if you have a =
2-of-3 setup and lost 1 device then without the metadata your coins are =
lost. In a future with musig(?) and miniscript increasingly the setup =
data is just as critical as the seeds.
>=20
> How so? Each signer device should ideally have a copy of the multisig =
configuration. If you lose 1 device in a 2-of-3, you can still spend =
from the wallet? Unless I'm missing something here.

I was thinking about a scenario where all devices are destroyed. All you =
have left are the mnemonics. But indeed if at least one of your devices =
is still intact AND it has the configuration, you're also good.

But there are plenty of devices out there that can't do this. Those =
devices can still be useful, even if they can't fully check everything.

Sjors

--Apple-Mail=_2E5715EA-C69C-4FBC-BB3B-F794F8DDFC7F
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=us-ascii

<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html; =
charset=3Dus-ascii"></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; line-break: after-white-space;" =
class=3D"">Thanks for the detailed response. Just 1 thing I needed to =
clarify:<br class=3D""><div><br class=3D""><blockquote type=3D"cite" =
class=3D""><div dir=3D"ltr" class=3D""><div =
class=3D"gmail_quote"><blockquote class=3D"gmail_quote" =
style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid =
rgb(204,204,204);padding-left:1ex">
To the list of concerns at the top of the BIP, I would add one: losing =
multisig setup context. E.g. in the event of a fire where you only =
recover your steel engraved mnemonic(s), but no longer have the wallet =
descriptors.<br class=3D""></blockquote><div class=3D""><br =
class=3D"">Good point.<br class=3D"">&nbsp;</div><blockquote =
class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px =
solid rgb(204,204,204);padding-left:1ex">
<br class=3D"">
If you still have all devices and know (or guess) the threshold then =
BIP48 and sorted_multi descriptors will save you. But if you have a =
2-of-3 setup and lost 1 device then without the metadata your coins are =
lost. In a future with musig(?) and miniscript increasingly the setup =
data is just as critical as the seeds.<br class=3D""></blockquote><div =
class=3D""><br class=3D"">How so? Each signer device should ideally have =
a copy of the multisig configuration. If you lose 1 device in a 2-of-3, =
you can still spend from the wallet? Unless I'm missing something =
here.<br class=3D""></div></div></div></blockquote><div><br =
class=3D""></div><div>I was thinking about a scenario where all devices =
are destroyed. All you have left are the mnemonics. But indeed if at =
least one of your devices is still intact AND it has the configuration, =
you're also good.</div><div><br class=3D""></div><div>But there are =
plenty of devices out there that can't do this. Those devices can still =
be useful, even if they can't fully check everything.</div><div><br =
class=3D""></div><div>Sjors</div></div></body></html>=

--Apple-Mail=_2E5715EA-C69C-4FBC-BB3B-F794F8DDFC7F--

--Apple-Mail=_E9EE833A-59BE-4767-A5C5-38E7F5165619
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
	filename=signature.asc
Content-Type: application/pgp-signature;
	name=signature.asc
Content-Description: Message signed with OpenPGP

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE7ZvfetalXiMuhFJCV/+b28wwEAkFAmBwc8sACgkQV/+b28ww
EAmJzg//Tvklpj6xRIcoEluoqDGxKTab8gb/QaUd7FfmTcmHnNFbXqO+OPMMFn/M
YyV/W3O3C9PtnS6yY+gVX4saUV+OUKqaaWE0JlyrqqkMt9yZKelCw1y7GJdc0Tgb
ElMMa2AvqfUjB1SSj+0Zr0FqWTzz2OlQX18Bw/yEQVJMLUnCMiNaF9Y3KR6GQwOa
fT4e1cW3oQDCCzVp2dUgoFmbq3/Y4SvERWgsbqlvTOvrKdFTu8EhNHc7pNWz3BqN
T46e1Ssb5cMeCWTu/eRJewocuNluW57YYKkeNlX1GxUMy9XRB4OJ0UG74Waqk/1I
Asax7JiV6VOfh36JhkmuS+lAwyEBF6Q1aPGAErMWeuDFTJTxr+RudinkaLebo+Y+
0DjYB/AG/L2JKKZy7oqpAuLJoThEfLtri29XfNIAw7ku210aQ2FPzm37nihW7jKp
oy0rdHXym6eifB2eX2lwfxeCwy1DsulRf/tggTOInL0qcv7eHDNzXXiZtOqiICvw
uovbPk2gYeq4IWBBmJfuShZhAbpfrIkgpd9VCUb8aNLqcIhG5WIcvEzfFODidN90
t7/Ik1UgI+GURiYugMknM8Jk2odrGbHExjJsYimkjG5MS25efowp+QNWMryCsuNW
jc1YaLvhR98QC17PjH4zTX+YjVj9WeqgeW6iLgjLoywdgiO5ZUY=
=qBk+
-----END PGP SIGNATURE-----

--Apple-Mail=_E9EE833A-59BE-4767-A5C5-38E7F5165619--