Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id EA627A55 for ; Sat, 10 Sep 2016 00:54:30 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-pa0-f47.google.com (mail-pa0-f47.google.com [209.85.220.47]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 5AEFB192 for ; Sat, 10 Sep 2016 00:54:30 +0000 (UTC) Received: by mail-pa0-f47.google.com with SMTP id to9so33061827pac.1 for ; Fri, 09 Sep 2016 17:54:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=voskuil-org.20150623.gappssmtp.com; s=20150623; h=from:content-transfer-encoding:mime-version:subject:message-id:date :references:in-reply-to:to; bh=ZPHqPkHEQ1iTsrxLJhkKoma2KyM4KkBb8Z8WHcFN6ck=; b=h7dxAWEQPQpuzJ4Uk+LXpvUUr3jIAH8wJvNBXz1UwtooEBi89P+rxmIrviibtdMM0v ipG9J+DX/DceJaKpGivxjccNwMGnSZrYUj+PZigzrP1CtNXvbdZWuxYqUtdNaw4d+Oc1 KY/3ToL8gfj9i9w4/mgGbzmmzD2DgYU1//SsfRqwWpdUPk0IowuF/zWRqjPRJ5ygY7eH BNb2rvwJN7urMdikmAYav6NnWi9zuXxMGcgveOVwwhv6qqqpoBmQSzfgVNRZioMmw3vn nx4mdlKPMNG+dBLTHYSWc86ub6gwOp5+kQr5Cp5PZLm28RUcsTyrqnUzdbb/sKNHyUdd oWaQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:content-transfer-encoding:mime-version :subject:message-id:date:references:in-reply-to:to; bh=ZPHqPkHEQ1iTsrxLJhkKoma2KyM4KkBb8Z8WHcFN6ck=; b=Xz1nvfIonRJweB3pKIMRocLBKdpDdG6ukLCHoBTClSCUmICjo+KSxE6wpiFAq4+Tzr jsQiFZr7GYDQefil8gonlWY1QE+Z9rN6UUhc2vAA3Q/v2JOaDj/WMn9SPgI4wCwyrNJu 6zpa4e/Q2sLNSnKAF329sULLLABfGAe2C4rTqyXxa4dXjNTJS3bcGIwl62FWJAxCeMDs AWV47hIZRwfniGMx27wOgRHhKd28w1VLOOGWdReRgMPN54YWKgpOGruc0VquMG7gM7HZ 71J9/mK0/6iWRKbFI2o/LIG9LkfwBt8u2Etk2HwTH87WCqM1cNHDAo8L15fTiUAWVoEr 4Xjg== X-Gm-Message-State: AE9vXwPEgDGK22nYH37J2eFS3/77/1OQbZZu/JrrBcJlVIeWZduGEHp57HY29u8B2bn+Iw== X-Received: by 10.66.7.33 with SMTP id g1mr11478875paa.92.1473468870052; Fri, 09 Sep 2016 17:54:30 -0700 (PDT) Received: from ?IPv6:2601:600:9000:d69e:bd08:99e3:bd72:407b? ([2601:600:9000:d69e:bd08:99e3:bd72:407b]) by smtp.gmail.com with ESMTPSA id 3sm7825464pfz.33.2016.09.09.17.54.28 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 09 Sep 2016 17:54:29 -0700 (PDT) From: Eric Voskuil Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (1.0) Message-Id: <474CB187-0642-452C-AE1B-00D46FAE8BAF@voskuil.org> Date: Fri, 9 Sep 2016 17:54:28 -0700 References: In-Reply-To: To: Gregory Maxwell , Bitcoin Protocol Discussion X-Mailer: iPhone Mail (13G35) X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, MIME_QP_LONG_LINE, RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Sat, 10 Sep 2016 01:17:17 +0000 Subject: Re: [bitcoin-dev] Completing the retirement of the alert system X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 10 Sep 2016 00:54:31 -0000 ACK libbitcoin defines the message and includes the public key but only for comp= leteness and reference purposes. It has never been used in the node. e > On Sep 9, 2016, at 5:42 PM, Gregory Maxwell via bitcoin-dev wrote: >=20 > The alert system was a centralized facility to allow trusted parties > to send messages to be displayed in wallet software (and, very early > on, actually remotely trigger the software to stop transacting). >=20 > It has been removed completely in Bitcoin Core after being disabled for a w= hile. >=20 > While the system had some potential uses, there were a number of > problems with it. >=20 > The alert system was a frequent source of misunderstanding about the > security model and 'effective governance', for example a years ago a > BitcoinJ developer wanted it to be used to control fee levels on the > network and few months back one of Bloq's staff was pushing for a > scheme where "the developers" would use it to remotely change the > difficulty-- apparently with no idea how abhorrent others would find > it. >=20 > The system also had a problem of not being scalable to different > software vendors-- it didn't really make sense that core would have > that facility but armory had to do something different (nor would it > really make sense to constantly have to maintain some list of keys in > the node software). >=20 > It also had the problem of being unaccountable. No one can tell which > of the key holders created a message. This creates a risk of misuse > with a false origin to attack someone's reputation. >=20 > Finally, there is good reason to believe that the key has been > compromised-- It was provided to MTGox by a developer and MTGox's > systems' were compromised and later their CEO's equipment taken by the > Japanese police. >=20 > In any case, it's gone now in Core and most other current software-- > and I think it's time to fully deactivate it. >=20 > I've spent some time going around the internet looking for all > software that contains this key (which included a few altcoins) and > asked them to remove it. I will continue to do that. >=20 > One of the facilities in the alert system is that you can send a > maximum sequence alert which cannot be overridden and displays only a > static key compromise text message and blocks all other alerts. I plan > to send a triggering alert in the not-distant future (exact time to be > announced well in advance) feedback on timing would be welcome. >=20 > There are likely a few production systems that automatically shut down > when there is an alert, so this risks some small one-time disruption > of those services-- but none worse than if an alert were sent to > advise about a new system upgrade. >=20 > At some point after that, I would then plan to disclose this private > key in public, eliminating any further potential of reputation attacks > and diminishing the risk of misunderstanding the key as some special > trusted source of authority. >=20 > Cheers, > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev