Return-Path: <pete@petertodd.org>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id D84A6BBF
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Sat, 10 Sep 2016 00:58:08 +0000 (UTC)
X-Greylist: from auto-whitelisted by SQLgrey-1.7.6
Received: from outmail148109.authsmtp.co.uk (outmail148109.authsmtp.co.uk
	[62.13.148.109])
	by smtp1.linuxfoundation.org (Postfix) with ESMTP id 0856F151
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Sat, 10 Sep 2016 00:58:07 +0000 (UTC)
Received: from mail-c247.authsmtp.com (mail-c247.authsmtp.com [62.13.128.247])
	by punt22.authsmtp.com (8.14.2/8.14.2/) with ESMTP id u8A0w6mR004483;
	Sat, 10 Sep 2016 01:58:06 +0100 (BST)
Received: from petertodd.org (ec2-52-5-185-120.compute-1.amazonaws.com
	[52.5.185.120]) (authenticated bits=0)
	by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id u8A0w3Pj063360
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Sat, 10 Sep 2016 01:58:04 +0100 (BST)
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by petertodd.org (Postfix) with ESMTPSA id 87DCB40151;
	Sat, 10 Sep 2016 00:54:32 +0000 (UTC)
Received: by localhost (Postfix, from userid 1000)
	id 36CE320548; Sat, 10 Sep 2016 00:58:02 +0000 (UTC)
Date: Sat, 10 Sep 2016 00:58:02 +0000
From: Peter Todd <pete@petertodd.org>
To: Gregory Maxwell <greg@xiph.org>,
	Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Message-ID: <20160910005802.GA24954@fedora-21-dvm>
References: <CAAS2fgTYOUSm07N4NYDCsjjwSbAo_ye84UvbQF--3JzhLHkG0Q@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="VS++wcV0S1rZb1Fb"
Content-Disposition: inline
In-Reply-To: <CAAS2fgTYOUSm07N4NYDCsjjwSbAo_ye84UvbQF--3JzhLHkG0Q@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
X-Server-Quench: a12c9d71-76f1-11e6-bcde-0015176ca198
X-AuthReport-Spam: If SPAM / abuse - report it at:
	http://www.authsmtp.com/abuse
X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVKBZePFsRUQkR
	aAdMdwIUC1AEAgsB AmAbW1VeVVV7WWc7 bghPaBtcak9QXgdq
	T0pMXVMcUQ0ZAVsC ZkQeVBpxcQUIfnp4 bQgzX3IIVRB9dFt6
	RBhVCGwHMGF9OjNL BV1YdwJRcQRMLU5E Y1gxNiYHcQ5VPz4z
	GA41ejw8IwAXAyNQ WgUAMVMUTg4XHjN0 XR0eHC8iGEADW200
	IVQ6KlNUFUIcKFl6 Kko6RV8dWwA8
X-Authentic-SMTP: 61633532353630.1038:706
X-AuthFastPath: 0 (Was 255)
X-AuthSMTP-Origin: 52.5.185.120/25
X-AuthVirus-Status: No virus detected - but ensure you scan with your own
	anti-virus system.
X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW
	autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
Subject: Re: [bitcoin-dev] Completing the retirement of the alert system
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Sat, 10 Sep 2016 00:58:09 -0000


--VS++wcV0S1rZb1Fb
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, Sep 10, 2016 at 12:42:30AM +0000, Gregory Maxwell via bitcoin-dev w=
rote:
> The alert system was a centralized facility to allow trusted parties
> to send messages to be displayed in wallet software (and, very early
> on, actually remotely trigger the software to stop transacting).

<snip>

> One of the facilities in the alert system is that you can send a
> maximum sequence alert which cannot be overridden and displays only a
> static key compromise text message and blocks all other alerts. I plan
> to send a triggering alert in the not-distant future (exact time to be
> announced well in advance) feedback on timing would be welcome.
>=20
> There are likely a few production systems that automatically shut down
> when there is an alert, so this risks some small one-time disruption
> of those services-- but none worse than if an alert were sent to
> advise about a new system upgrade.
>=20
> At some point after that, I would then plan to disclose this private
> key in public, eliminating any further potential of reputation attacks
> and diminishing the risk of misunderstanding the key as some special
> trusted source of authority.

ACK

Good to do this sooner rather than later, as alert propagation on the P2P
network is going to continue to get less reliable as nodes upgrade to softw=
are
that has removed alert functionality; better that the final alert key
retirement message is reliably seen by the remaining software out there in a
predictable way than this be something that happens unpredictably.

--=20
https://petertodd.org 'peter'[:-1]@petertodd.org

--VS++wcV0S1rZb1Fb
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature

-----BEGIN PGP SIGNATURE-----

iQEcBAEBCAAGBQJX01qXAAoJEGOZARBE6K+ym+EH/jH3QT0mjFHLmwJwKYMnm2ye
Kc4ASR4XAm19vRsidKqvFaklfK984cNtBu+5EETY19Az6Nb1f0RXCOEF9VZWCscK
wDn8U+DJZDrJ+Fv86EXmGaTRtyOe/Zfun1P/240M2HghFxOMjGfAthD9nEzN7jWr
SL+Vb2zQ1+W3AbUzHcvvabvB8WLjcSa3NNgbgef+Rh4OWGWFGVnXmBeESRABhud1
3MsZUm01RjE21VXuo270zK4YYC4QsMAWpoqwEnYw5KGazObXiWfd5A+MaPBdhw0q
zu68aYhnZs4HRVa4bk7/nNIS9gsrx8yiFtHFZmzXC2V6CjejIOxVZVBaeUMNDuI=
=IoFi
-----END PGP SIGNATURE-----

--VS++wcV0S1rZb1Fb--