summaryrefslogtreecommitdiff
path: root/02/3b6167e041d698265170e2744e3a622d56574d
blob: 54db7d138f31a958e2379184b1f07c25bb7b1b46 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
Return-Path: <user@petertodd.org>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id 086B6BE1
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Tue, 18 Dec 2018 04:39:58 +0000 (UTC)
X-Greylist: delayed 00:16:53 by SQLgrey-1.7.6
Received: from outmail148114.authsmtp.net (outmail148114.authsmtp.net
	[62.13.148.114])
	by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 52F8FA8
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Tue, 18 Dec 2018 04:39:57 +0000 (UTC)
Received: from punt16.authsmtp.com (punt16.authsmtp.com [62.13.128.205])
	by punt22.authsmtp.com. (8.15.2/8.15.2) with ESMTP id wBI4N2rY017695
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Tue, 18 Dec 2018 04:23:02 GMT (envelope-from user@petertodd.org)
Received: from mail-c245.authsmtp.com (mail-c245.authsmtp.com [62.13.128.245])
	by punt16.authsmtp.com. (8.15.2/8.15.2) with ESMTP id wBI4N1tX016869;
	Tue, 18 Dec 2018 04:23:01 GMT (envelope-from user@petertodd.org)
Received: from petertodd.org (ec2-52-5-185-120.compute-1.amazonaws.com
	[52.5.185.120]) (authenticated bits=0)
	by mail.authsmtp.com (8.15.2/8.15.2) with ESMTPSA id wBI4Mxur098328
	(version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); 
	Tue, 18 Dec 2018 04:23:00 GMT (envelope-from user@petertodd.org)
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by petertodd.org (Postfix) with ESMTPSA id 23EF140100;
	Tue, 18 Dec 2018 04:22:59 +0000 (UTC)
Received: by localhost (Postfix, from userid 1000)
	id 5098720289; Mon, 17 Dec 2018 23:22:58 -0500 (EST)
Date: Mon, 17 Dec 2018 23:22:58 -0500
From: Peter Todd <pete@petertodd.org>
To: Johnson Lau <jl2012@xbt.hk>,
	Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Message-ID: <20181218042258.dfj7n5qmmcbbe2wo@petertodd.org>
References: <CAPg+sBhuPG-2GXc+Bp0yv5ywry2fk56LPLT4AY0Kcs+YEoz4FA@mail.gmail.com>
	<87ftv3xerx.fsf@rustcorp.com.au>
	<DAAB7568-A004-4897-B5B3-0FBBC6895246@xbt.hk>
	<87pnu6s3v5.fsf@rustcorp.com.au> <87h8fiqn1z.fsf@rustcorp.com.au>
	<20181214093002.p2nvfrlaycqblww3@erisian.com.au>
	<8736qyhsej.fsf@rustcorp.com.au>
	<6DE5291C-629D-4080-9B0C-E18BEFA28B16@xbt.hk>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="o7glrtnc4kukvjsi"
Content-Disposition: inline
In-Reply-To: <6DE5291C-629D-4080-9B0C-E18BEFA28B16@xbt.hk>
User-Agent: NeoMutt/20170113 (1.7.2)
X-Server-Quench: 9ac227dd-027c-11e9-903a-9cb654bb2504
X-AuthReport-Spam: If SPAM / abuse - report it at:
	http://www.authsmtp.com/abuse
X-AuthRoute: OCd2Yg0TA1ZIVwkA IjsJECJaVQIpKltL GxAVKBZePFsRUQkR
	aQdMdwoUHFAXAgsB Am4bW1BeUl57WWM7 bghPaBtcak9QXgdq
	T0pMXVMcU3cRBWFJ Q1weWxFxdQ0IcXhw ZghrDyNZXkMuIVt9
	QEkHCGwHMG59YWAc AV1RJFFSdQcYLB1A alQxNiYHcQ5VPz4z
	GA41ejw8IwAXEy1b TxtFNlMdQU8QHjMn DxkEEX0qGlcIDyop
	Jho7LlcGVH0wHWUb CnsWf3U5FScvNmUB 
X-Authentic-SMTP: 61633532353630.1039:706
X-AuthFastPath: 0 (Was 255)
X-AuthVirus-Status: No virus detected - but ensure you scan with your own
	anti-virus system.
X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW
	autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
X-Mailman-Approved-At: Tue, 18 Dec 2018 16:11:00 +0000
Subject: Re: [bitcoin-dev] Safer sighashes and more granular SIGHASH_NOINPUT
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Dec 2018 04:39:58 -0000


--o7glrtnc4kukvjsi
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Dec 18, 2018 at 03:08:26AM +0800, Johnson Lau via bitcoin-dev wrote:
> >> If it's not safer in practice, we've spent a little extra complexity
> >> committing to a subset of the script in each signature to no gain. If
> >> it is safer in practice, we've prevented people from losing funds. I'm
> >> all for less complexity, but not for that tradeoff.
> >=20
> > There are many complexities we could add, each of which would prevent
> > loss of funds in some theoretical case.
>=20
> Every security measures are overkill, until someone get burnt. If these s=
ecurity measures are really effective, no one will get burnt. The inevitabl=
e conclusion is: every effective security measures are overkill.

This isn't really a security issue, it's a software reliability issue. And
you're making a trade-off between complexity of the core protocol and
complexity of wallet software.

A core protocol failure has high costs for every single Bitcoin user; a wal=
let
software failure affects a much smaller number of people. So I'd be incline=
d to
prioritise core protocol simplicity rather than stamping out one of many, m=
any,
ways that wallet software can screw up and lose money.

--=20
https://petertodd.org 'peter'[:-1]@petertodd.org

--o7glrtnc4kukvjsi
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEFcyURjhyM68BBPYTJIFAPaXwkfsFAlwYdhwACgkQJIFAPaXw
kfuZ0wf/UauIq8ePrnqij9vEzBYjgzQpLHboOQ9t3tiS4mFGXMxwfsOD/RkbpQuf
VFBm9IIQVRLbHpUh1RkIEBA35Y7cWS3SEbH/8ZdR6d2oCVFCvoQzU5doUbXl02eO
20kPxbrNIrGhMxoXxRax/1IR4qZk0GW4dXENMyiX/62CevpZzCkvL5Ajdjz5TLyn
9Oiqxow89gsu0x+wQ3DBeJaUbvlD30GDMReK7ZdPOLgd2Zsq+InteU0cGzQdN4UR
xl0MBPbA8ywnCqVmfYkVnqsPVHFug/Tnu+FYtl+W/nMVT4/6FJkYAbC5cSt56b0p
CWLTn8s8mrySLVlayTHxPXAt30l/hA==
=ffW3
-----END PGP SIGNATURE-----

--o7glrtnc4kukvjsi--