Date: Thu, 28 Mar 2024 19:16:22 +0000
From: Peter Todd
To: Antoine Riard
Cc: Steve Lee, "David A. Harding", bitcoindev@googlegroups.com
Subject: Re: [bitcoindev] A Free-Relay Attack Exploiting RBF Rule #6

On Thu, Mar 28, 2024 at 06:34:42PM +0000, Antoine Riard wrote:
> Hi Steve,
>
> > He literally cites a reference to an example.
>
> About CVE-2017-12842, the report of Sergio Demian Lerner available here
> gives more information on the reporting process of the vulnerability:
> https://bitslog.com/2018/06/09/leaf-node-weakness-in-bitcoin-merkle-tree-design/
>
> I'll attract attention on the following words of Sergio himself:
>
> "and as I said in the first paragraph, the weakness was already known by
> some developers. But I still don't understand (1) why so many people knew
> about it but underestimated it badly, (2) why there was no attempt to fix
> it."

I do not consider CVE-2017-12842 to be serious. Indeed, I'm skeptical that
we should even fix it with a fork. SPV validation is very sketchy, and the
amount of work and money required to trigger CVE-2017-12842 is probably as
or more expensive than simply creating fake blocks. Sergio's RSK Bridge
contract being vulnerable to it just indicates it was a reckless design.

> I believe in the present "free-relay" bandwidth wasting, letting a minimal
> 2-weeks delay would have been more reasonable. Security list members might
> be in flight travels or at conferences, or under other operational
> constraints and domain experts in the area of transaction-relay might not
> be available to give full-fledged answers. Even if you have private
> contacts of someone, don't rush them to get an answer when it can be
> midnight in their time zones and they're recovering from jet lags.

To be clear, in this particular case I had specific, insider, knowledge
that the relevant people had in fact seen my report and had already decided
to dismiss it. This isn't a typical case where you're emailing some random
company and don't have any contacts. I personally knew prior to publication
that the relevant people had been given a fair chance to comment, had
chosen not to, and I would likely receive no response at all. Which is
really annoying as I have my own deadlines for (paid) things this research
was relevant to: much more useful to me to get the issue published
publicly, so I can get actual comments from people like yourself, and move
forward with my work.

I'm not going to say anything further on how I knew this, because I'm not
about to put up people who have been co-operating with me to the risk of
harassment from people like Harding and others; I'm not very popular right
now with many of the Bitcoin Core people working on the mempool code.

Anyway, I think the lesson learned here is it's probably not worth
bothering with a disclosure process at all for this type of issue. It just
created a bunch of distracting political drama when simply publishing this
exploit variation immediately probably would not have.

-- 
https://petertodd.org 'peter'[:-1]@petertodd.org