Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] helo=mx.sourceforge.net) by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1USjz4-0003E9-Sm for bitcoin-development@lists.sourceforge.net; Thu, 18 Apr 2013 08:14:22 +0000 Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of petertodd.org designates 62.13.149.78 as permitted sender) client-ip=62.13.149.78; envelope-from=pete@petertodd.org; helo=outmail149078.authsmtp.net; Received: from outmail149078.authsmtp.net ([62.13.149.78]) by sog-mx-1.v43.ch3.sourceforge.com with esmtp (Exim 4.76) id 1USjz3-0006j4-DP for bitcoin-development@lists.sourceforge.net; Thu, 18 Apr 2013 08:14:22 +0000 Received: from mail-c226.authsmtp.com (mail-c226.authsmtp.com [62.13.128.226]) by punt8.authsmtp.com (8.14.2/8.14.2/Kp) with ESMTP id r3I8EEeA064370; Thu, 18 Apr 2013 09:14:14 +0100 (BST) Received: from savin (76-10-178-109.dsl.teksavvy.com [76.10.178.109]) (authenticated bits=128) by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id r3I8E8UR031109 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Thu, 18 Apr 2013 09:14:10 +0100 (BST) Date: Thu, 18 Apr 2013 04:14:07 -0400 From: Peter Todd To: John Dillon Message-ID: <20130418081407.GC27888@savin> References: <453bfc69-b2ab-4992-9807-55270fbda0db@email.android.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="TiqCXmo5T1hvSQQg" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) X-Server-Quench: f33a3f04-a7ff-11e2-98a9-0025907ec6c5 X-AuthReport-Spam: If SPAM / abuse - report it at: http://www.authsmtp.com/abuse X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVKBZePFsRUQkR aQdMdwoUGUUGAgsB AmUbW11eUVl7WGI7 bAxPbAVDY01GQQRq WVdMSlVNFUsqAmUJ cxZ7MBlxdgRGcTBx ZkVmXj4NX0crdhB9 RlMFEjtQeGZhPWIC WUgJfh5UcAFPdx9C PwN5B3ZDAzANdhES HhM4ODE3eDlSNilR RRkIIFQOdA4iGCI9 DzwFJn0hGldNWzV7 NRE+LlcXEUMcNFla X-Authentic-SMTP: 61633532353630.1020:706 X-AuthFastPath: 0 (Was 255) X-AuthSMTP-Origin: 76.10.178.109/587 X-AuthVirus-Status: No virus detected - but ensure you scan with your own anti-virus system. X-Spam-Score: -1.5 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain -0.0 SPF_PASS SPF: sender matches SPF record X-Headers-End: 1USjz3-0006j4-DP Cc: bitcoin-development@lists.sourceforge.net Subject: Re: [Bitcoin-development] Anti DoS for tx replacement X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Apr 2013 08:14:23 -0000 --TiqCXmo5T1hvSQQg Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Apr 18, 2013 at 06:07:23AM +0000, John Dillon wrote: > Gavin do you actually agree with Mike on this stuff like he implies? > Because if you do, I think people should know. Myself I wouldn't want > to be contributing to your salary as a foundation member if you don't > take Bitcoin security seriously. FWIW Gavin has spent quite a bit of time and effort ensuring that Bitcoin is resistent to DoS attacks, as well as spearheading a move towards better testing. The latter in particular is helpful against chain-forking bugs, so better testing is very much a security issue. He also spearheaded P2SH, and the current efforts to get a payment protocol implemented. I'm less convinced about his stance against attackers that pose a threat to the system as a whole, but it's not fair to accuse him of not taking security seriously. > Strict replacement by fee should be written so it can be tested > properly and people in the Bitcoin ecosystem use proper security > practices with regard to unconfirmed transactions. I'm willing to > pledge $500USD to anyone who implements it. That is write the core > functionality that does replacement by fee, and a simple 'undo' RPC > command. I would do it myself but my programming is rusty. You should clarify if you want this patch to compute fees recursively or not, IE, should the patch include fees paid by child transactions in how it computes the total fee the transaction pays. Doing this is non-trivial, although Luke-Jr has written a patch to do this without replacement: https://github.com/bitcoin/bitcoin/pull/1647 Also, clarify if you want unit-tests and similar things included in the implementation. --=20 'peter'[:-1]@petertodd.org --TiqCXmo5T1hvSQQg Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEcBAEBAgAGBQJRb6tPAAoJEH+rEUJn5PoED2kH/jid46nAJ1l6q1JdElWYmkJ6 HQq+2xgAt5doVOrcCK8g16XKcmPL5MSOc5d8ufpQrxe9rjq9Zp2fC6mmynGqXh0G Y8rKpUDbAJfOH5HTvwOhevJ+BWXuao2U3PLqGn8pFEbgMAvTgVWd/mmyfiYf0usC ukLs7lnf23TvjmYLhTdBphg0bjYFbNzPRowtSldYFtU5GgSuAXXhZSn3p5hs6jc+ ScdSAB60YumiwbOQN3zJIhPG6GoiZxzkqi9Q3HEYXZUhnlmxyZjZagv4ZNLQEhwn hXfM97ESEbcnO7LLEq+SlbenGgqY8lDz7ZaxQKlqyg7bST7Y+qGEu3EsbaXr02U= =i6FS -----END PGP SIGNATURE----- --TiqCXmo5T1hvSQQg--