Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 37D39721 for ; Sat, 10 Sep 2016 09:41:27 +0000 (UTC) X-Greylist: delayed 00:11:32 by SQLgrey-1.7.6 Received: from sender163-mail.zoho.com (sender163-mail.zoho.com [74.201.84.163]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 1C7CB1FD for ; Sat, 10 Sep 2016 09:41:26 +0000 (UTC) Received: from mail.zoho.com by mx.zohomail.com with SMTP id 1473500481893185.49621029882576; Sat, 10 Sep 2016 02:41:21 -0700 (PDT) Date: Sat, 10 Sep 2016 17:41:21 +0800 From: Johnson Lau To: "Gregory Maxwell" , "bitcoin-dev" Message-ID: <15713790962.be73b87e4580.3663496705131622210@xbt.hk> In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Priority: Medium User-Agent: Zoho Mail X-Mailer: Zoho Mail X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: Re: [bitcoin-dev] Completing the retirement of the alert system X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 10 Sep 2016 09:41:27 -0000 Concept ACK. For the details of executing the plan, I think the following is less disruptive: 1. Send a message with (max sequence - 1), notifying all nodes that the key will be retired on or before a date. People with systems relying on this key should either upgrade or ignore the revocation message. We don't know the actual date because the key is shared by many people. With the max - 1 sequence, no message except the max sequence revocation message may override this message. 2. Send the revocation message at the pre-announced time, if no one have done that before 3. After a few months or so, publish the private key. > > One of the facilities in the alert system is that you can send a > maximum sequence alert which cannot be overridden and displays only a > static key compromise text message and blocks all other alerts. I plan > to send a triggering alert in the not-distant future (exact time to be > announced well in advance) feedback on timing would be welcome. > > There are likely a few production systems that automatically shut down > when there is an alert, so this risks some small one-time disruption > of those services-- but none worse than if an alert were sent to > advise about a new system upgrade. > > At some point after that, I would then plan to disclose this private > key in public, eliminating any further potential of reputation attacks > and diminishing the risk of misunderstanding the key as some special > trusted source of authority. > > Cheers, > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev >