summaryrefslogtreecommitdiff
path: root/06/25c4f6216a8948fb767b31e5286de6c0bfcef9
blob: cda2704585627d713e83cd46f4ecfb5dee352d88 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
Return-Path: <ctpacia@gmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id 7C5F4EAF
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Sat, 19 Dec 2015 01:36:24 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-qg0-f46.google.com (mail-qg0-f46.google.com
	[209.85.192.46])
	by smtp1.linuxfoundation.org (Postfix) with ESMTPS id D4FFCEE
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Sat, 19 Dec 2015 01:36:23 +0000 (UTC)
Received: by mail-qg0-f46.google.com with SMTP id v36so46704502qgd.2
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Fri, 18 Dec 2015 17:36:23 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=subject:to:references:from:message-id:date:user-agent:mime-version
	:in-reply-to:content-type;
	bh=raiBUHV8sMLC/BtrYr1XHPUnbx/XPQXwC/kkUY4mwBc=;
	b=fJoznNgMwJH61/jPZUCuARx1KauMh+vA4Ard/8uHQ3bPaPb3V740MAIOcTiSd5XRbi
	7bDizuQNvpzktv5bpK2b1aBWB4MXyMfPJXyKiCWhrYfgkWO83okCLx1Gy9ddb/G25Idy
	k+kA4GuHgShiTzqFz7mOV99lCgQLxdu+1LPULW7jIY2Gy9nsogMEpqETEpB5bezklcQs
	upm8fB4q4xjCZh1tEhY7P4HEWpzmryrBe+iNuYDAokQQdb4SSZ5Dyer+YZEXyvmYDPYT
	Ou0VkYvxamY+cdAo8rWaWspkebB7lEbCqjEcEMTsYeSMBfMErK7tr0I6tfKjc3evxCTG
	34vg==
X-Received: by 10.140.144.205 with SMTP id 196mr10008472qhq.38.1450488983051; 
	Fri, 18 Dec 2015 17:36:23 -0800 (PST)
Received: from [192.168.1.15] (pool-72-82-165-31.cmdnnj.east.verizon.net.
	[72.82.165.31])
	by smtp.gmail.com with ESMTPSA id f7sm7929230qhf.7.2015.12.18.17.36.22
	for <bitcoin-dev@lists.linuxfoundation.org>
	(version=TLSv1/SSLv3 cipher=OTHER);
	Fri, 18 Dec 2015 17:36:22 -0800 (PST)
To: bitcoin-dev@lists.linuxfoundation.org
References: <CAPg+sBjJcqeqGLHnPyWt23z3YoCRGozQupuMxy51J_-hdkKBSA@mail.gmail.com>
	<E76D5BF9-41BF-4AF5-BBAC-06F4EF574EBE@toom.im>
From: Chris <ctpacia@gmail.com>
Message-ID: <5674B495.10903@gmail.com>
Date: Fri, 18 Dec 2015 20:36:21 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101
	Thunderbird/38.4.0
MIME-Version: 1.0
In-Reply-To: <E76D5BF9-41BF-4AF5-BBAC-06F4EF574EBE@toom.im>
Content-Type: multipart/alternative;
	boundary="------------080301090108010004070405"
X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW
	autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
X-Mailman-Approved-At: Sat, 19 Dec 2015 08:38:30 +0000
Subject: Re: [bitcoin-dev] On the security of softforks
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Development Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Sat, 19 Dec 2015 01:36:24 -0000

This is a multi-part message in MIME format.
--------------080301090108010004070405
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit

On Dec 18, 2015, at 10:30 AM, Pieter Wuille via bitcoin-dev 
<bitcoin-dev@lists.linuxfoundation.org 
<mailto:bitcoin-dev@lists.linuxfoundation.org>> wrote:
> 2) The risk of an old full node wallet accepting a transaction whose
> coins passed through a script that depends on the softforked rules.
>
There's that, but there's also a case where an attacker creates a 
majority chain that follows the old rules but not the new ones. 
Non-upgraded nodes would accept a transaction on what they believe to be 
the consensus chain only to find that when they try to spend those coins 
no one accepts them because they were part of an invalid chain.

This has the effect of dropping non upgraded nodes to a form of spv 
security without their consent.

This is in contrast to a hard fork where a full node operator could 
explicitly set their node to accept higher version blocks that it can't 
validate. They get the soft fork functionality back but they have at 
least consented to it rather than have it forced on them. Doing forks 
that way would also have the benefit of notifying the user they are 
accepting unvalidated coins, whereas they wont know that in a soft fork.

--------------080301090108010004070405
Content-Type: text/html; charset=windows-1252
Content-Transfer-Encoding: 7bit

<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    On Dec 18, 2015, at 10:30 AM, Pieter Wuille via bitcoin-dev &lt;<a
      moz-do-not-send="true"
      href="mailto:bitcoin-dev@lists.linuxfoundation.org"><a class="moz-txt-link-abbreviated" href="mailto:bitcoin-dev@lists.linuxfoundation.org">bitcoin-dev@lists.linuxfoundation.org</a></a>&gt;
    wrote:
    <blockquote cite="mid:E76D5BF9-41BF-4AF5-BBAC-06F4EF574EBE@toom.im"
      type="cite">
      <div>
        <meta http-equiv="content-type" content="text/html;
          charset=windows-1252">
        <span style="color: rgb(34, 34, 34); font-family: 'Helvetica
          Neue', Arial, sans-serif; font-size: 15px; font-style: normal;
          font-variant: normal; font-weight: normal; letter-spacing:
          normal; line-height: 20px; orphans: auto; text-align: start;
          text-indent: 0px; text-transform: none; white-space: normal;
          widows: 1; word-spacing: 0px; -webkit-text-stroke-width: 0px;
          display: inline !important; float: none;">2) The risk of an
          old full node wallet accepting a transaction whose</span><br
          style="color: rgb(34, 34, 34); font-family: 'Helvetica Neue',
          Arial, sans-serif; font-size: 15px; font-style: normal;
          font-variant: normal; font-weight: normal; letter-spacing:
          normal; line-height: 20px; orphans: auto; text-align: start;
          text-indent: 0px; text-transform: none; white-space: normal;
          widows: 1; word-spacing: 0px; -webkit-text-stroke-width: 0px;">
        <span style="color: rgb(34, 34, 34); font-family: 'Helvetica
          Neue', Arial, sans-serif; font-size: 15px; font-style: normal;
          font-variant: normal; font-weight: normal; letter-spacing:
          normal; line-height: 20px; orphans: auto; text-align: start;
          text-indent: 0px; text-transform: none; white-space: normal;
          widows: 1; word-spacing: 0px; -webkit-text-stroke-width: 0px;
          display: inline !important; float: none;">coins passed through
          a script that depends on the softforked rules.</span></div>
      <br>
    </blockquote>
    There's that, but there's also a case where an attacker creates a
    majority chain that follows the old rules but not the new ones.
    Non-upgraded nodes would accept a transaction on what they believe
    to be the consensus chain only to find that when they try to spend
    those coins no one accepts them because they were part of an invalid
    chain. <br>
    <br>
    This has the effect of dropping non upgraded nodes to a form of spv
    security without their consent. <br>
    <br>
    This is in contrast to a hard fork where a full node operator could
    explicitly set their node to accept higher version blocks that it
    can't validate. They get the soft fork functionality back but they
    have at least consented to it rather than have it forced on them.
    Doing forks that way would also have the benefit of notifying the
    user they are accepting unvalidated coins, whereas they wont know
    that in a soft fork. <br>
  </body>
</html>

--------------080301090108010004070405--