From: Antoine Riard
Date: Wed, 27 Mar 2024 06:27:47 +0000
Subject: Re: [bitcoindev] A Free-Relay Attack Exploiting RBF Rule #6
To: "David A. Harding"
Cc: Peter Todd, bitcoindev@googlegroups.com
In-Reply-To: <012f89763cc336cd91eec13dccefc921@dtrt.org>

Hi Dave,

> Could you tell us more about the disclosure process you followed? I'm
> surprised to see it disclosed without any apparent attempt at patching.
> I'm especially concerned given your past history of publicly revealing
> vulnerabilities before they could be quietly patched[1] and the conflict
> of interest of you using this disclosure to advocate for a policy change
> you are championing.

In defense of Peter, I don't think there is a low-hanging fruit that could have
been landed easily in Bitcoin Core. The most obvious ones could have been
a) to reduce `MAX_STANDARD_TX_WEIGHT` or b) a new rule `max_replacement_bandwidth`
or c) a new absolute-fee based penalty on bandwidth replacement cost.

All hard to integrate in a covert fashion without attracting some attention from the
community, which would certainly ask why we're changing the marginal bandwidth cost.
Potentially, impacting unfavorably some use-cases.

Certainly, Peter's report could have integrated a disclosure timeline at the
example of CVE-2018-17144 [0], which I can recommend to anyone to follow doing
security research or servicing as a security point of contact in our field.

I don't see the conflict of interest in the present disclosure? It is public information
that Peter is championing RBFR [1]. I'm not aware of any private interest unfavorably
influencing Peter's behavior in the conduct of this security issue disclosure.

One of the established principles in infosec, it's up to software vendors to explain
why their software is broken or why they are "lazy" fixing issues. Assuming sufficient
technical proof has been initially communicated by the reporter.

If you're dissatisfied by Peter's conduct in the handling of this disclosure, you're welcome
to author vulnerability reports or assume the role of coordinating patching responses yourself
more often. Assuming you can be reasonably trusted here.

Finally, in matters of ethics, talking as an external observer can be cheap sometimes and it is
best to "lead-by-example", imho.

Best,
Antoine

[0] https://bitcoincore.org/en/2018/09/20/notice/
[1] https://petertodd.org/2024/one-shot-replace-by-fee-rate

On Tue, Mar 26, 2024 at 18:38, David A. Harding <dave@dtrt.org> wrote:

> On 2024-03-18 03:21, Peter Todd wrote:
> > [...] the existence of this attack is an argument in favor of
> > replace-by-fee-rate. While RBFR introduces a degree of free-relay, the
> > fact that Bitcoin Core's existing rules *also* allow for free-relay in
> > this form makes the difference inconsequential.
> >
> > # Disclosure
> >
> > This issue was disclosed to bitcoin-security first. I received no
> > objections to making it public. All free-relay attacks are mitigated by
> > the requirement to at least have sufficient funds available to allocate
> > to fees, even if the funds might not actually be spent.
>
> Could you tell us more about the disclosure process you followed? I'm
> surprised to see it disclosed without any apparent attempt at patching.
> I'm especially concerned given your past history of publicly revealing
> vulnerabilities before they could be quietly patched[1] and the conflict
> of interest of you using this disclosure to advocate for a policy change
> you are championing.
>
> -Dave
>
> [1] https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-June/016100.html