1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
|
Delivery-date: Sun, 21 Jul 2024 13:49:17 -0700
Received: from mail-qv1-f60.google.com ([209.85.219.60])
by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
(Exim 4.94.2)
(envelope-from <bitcoindev+bncBAABBRPI6W2AMGQEZCMKFXY@googlegroups.com>)
id 1sVdUa-00050y-UP
for bitcoindev@gnusha.org; Sun, 21 Jul 2024 13:49:17 -0700
Received: by mail-qv1-f60.google.com with SMTP id 6a1803df08f44-6b5de421bc6sf68132806d6.0
for <bitcoindev@gnusha.org>; Sun, 21 Jul 2024 13:49:16 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1721594950; cv=pass;
d=google.com; s=arc-20160816;
b=wG4nOpVANa3pNwppSY3IKvmOnsjtqD4/trm7hJlbog9ETRr9WtjiiYcZ1NuyocO1FM
kdc7PPWG5UbPurBh5zV0z88kLT6o0tl7oj5JUxw5PZyhNq5fbnukzRcqkeCQZmxEZS9b
mP+qQNo8G3L8lugaB9WEJ2vphlhQXZqZDRi+aq6ZgMwcs/eAG/kmO7xPBEveOaII5tnw
A1nkRzrCVeJJ/yX2bzBatngaw92KtqMqD+Is7DClikhYOCs61yzx73TGHogCeu5QrFUt
0eGIzuTUIZi430/Rthq0fjwxWyuQPrIMOKkx9zMcQdqlJdFdN/Uuy6jg/oanApd3GTnU
QbTQ==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:reply-to:content-transfer-encoding
:mime-version:feedback-id:references:in-reply-to:message-id:subject
:from:to:date:dkim-signature;
bh=CEj3VHqOyam2T9bK5D5MXHdjX72GrhjMwo/r3Xjit1c=;
fh=j0uLF+CJaL5t7WMY3dX+t+lmQqgwKlKaFNw1NLXF8bM=;
b=GOpNAnt3zMBKdZdAYxhdV2uuEWUt0nMPX23rgaMQMpyXY9RCJhQWxNLMCHO2SIoIKg
kzGvoMQEpwagHskwvr8D2LC+nXHApuzTdrDuZq+F5rkDYOypem1Kjtyv5ktTi5TYSxpG
errxzsrQBkoKgltkCbljUQjyhG3I6lLVBOthoKuJUa6NA+J8cf+Vad6pTLfMxYZzpAaM
qp26g6ehQnlLDyTDvdl1nZIAyQIQtNkcQPxJNp6r21a7IlmSLWkUIEUbyVZAwSnLU1IF
8MUmvNgplnxCBI65xNxdSceGD6HUlwRZeAg9Pde8FJntPFzJE5A3BFx9CzvADq9z5LiX
vwwA==;
darn=gnusha.org
ARC-Authentication-Results: i=2; gmr-mx.google.com;
dkim=pass header.i=@achow101.com header.s=protonmail header.b=ESc6xjbD;
spf=pass (google.com: domain of lists@achow101.com designates 185.70.40.22 as permitted sender) smtp.mailfrom=lists@achow101.com;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=achow101.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=googlegroups.com; s=20230601; t=1721594950; x=1722199750; darn=gnusha.org;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:reply-to
:x-original-authentication-results:x-original-sender
:content-transfer-encoding:mime-version:feedback-id:references
:in-reply-to:message-id:subject:from:to:date:from:to:cc:subject:date
:message-id:reply-to;
bh=CEj3VHqOyam2T9bK5D5MXHdjX72GrhjMwo/r3Xjit1c=;
b=A9zrbTFLYxxew4rilenJNiWuWyFNXjiH9j2BeJEX+OS1x9EMT7NWDVG4eTYnuuFIvX
pPXumC6B7ZcKt/Gd4K3rHrIi6NCSEDUbYBybl4DdNC78Ncr6JT8oXfffWHkDI7De/vms
8uZgtwQEStRNzo0Awz/ZXe9Q9rwkYsixDUm7hlOHqEJqyDeYMr+4zGpTawzDOIQVaSaA
/MiNERF0Jvj1a/hf1uhjPeIyTOC2xAUAjgIuguFTFG/c8FlxIPUqmA2uWmKrB2PLsQpf
is2ZAp/bUUNVRk0iSpT0FpXTnCmFMDkEFUhvr5J6FLkZQHAWlpOJfi5GKlLH5E06BwLc
7Nsg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1721594950; x=1722199750;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:reply-to
:x-original-authentication-results:x-original-sender
:content-transfer-encoding:mime-version:feedback-id:references
:in-reply-to:message-id:subject:from:to:date:x-beenthere
:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
bh=CEj3VHqOyam2T9bK5D5MXHdjX72GrhjMwo/r3Xjit1c=;
b=KPJ0jtPqnb1OFlZ3n4wtKIl7KH/MuD93deqgt4YhZcqssiinO2i9+kIVYOgiWIRcoX
x8PQfj54znNQE/2fF8oJFNkpKOKoG2OLLtpdIQ4+M5nRTzHAdw/D4gYkPOiCo2ydz03y
VmiRJ9QKt3k8Abm2dEF2KPMOGcIUCwjcd1BPvXOT4/RuQ8BWb1tghIqI1pH1/7Mp2djP
mfGwC+wQmQNI5+lyxDu+OiWdopW0CgrA+68Blt2SqPVDrbHv54xlFLHqN2NmSKrXVYIG
oRcs/jS4LUcE+bJCdlpsVH5LDUGCZczvtUFHrI1ttEF0aflJAmd61fYFxIM9hfiSpq6U
xO8A==
X-Forwarded-Encrypted: i=2; AJvYcCUoY85C9I+nMTaeHBc9Sx5SDVtSANj2DY6fiosmapPCLcBXftHrOjkVqNQB9jqrmmdhB/2PtN4ffHUB20LS3c9wW0iuhUY=
X-Gm-Message-State: AOJu0YzqQEcPpAbYP5xxbke9iASjilxYXLWFEihA9+Bcc679xXXz7qBn
pf0SvQuBQeppdsL4IaTYEykFkbYQ9LFgpEPMygjUIq5EQtp819Us
X-Google-Smtp-Source: AGHT+IFPFusNOTQSMesglv4D3s61Z5v00ky9Ao1kVKrFEMqWTod5Wl63/FIAQOakrfqC/KlgVdTKvQ==
X-Received: by 2002:a05:6214:5298:b0:6b0:9479:cdd7 with SMTP id 6a1803df08f44-6b961136636mr71086606d6.54.1721594950508;
Sun, 21 Jul 2024 13:49:10 -0700 (PDT)
X-BeenThere: bitcoindev@googlegroups.com
Received: by 2002:a05:6214:2d02:b0:6b7:9a07:4191 with SMTP id
6a1803df08f44-6b79b7b7950ls66881526d6.2.-pod-prod-01-us; Sun, 21 Jul 2024
13:49:09 -0700 (PDT)
X-Received: by 2002:a05:6214:20c8:b0:6b5:37ed:b9b2 with SMTP id 6a1803df08f44-6b94013c2d0mr7147426d6.0.1721594949493;
Sun, 21 Jul 2024 13:49:09 -0700 (PDT)
Received: by 2002:a05:620a:22da:b0:79c:bd3:58c5 with SMTP id af79cd13be357-7a18f14f124ms85a;
Sun, 21 Jul 2024 13:17:36 -0700 (PDT)
X-Received: by 2002:a05:600c:474c:b0:426:6b14:1839 with SMTP id 5b1f17b1804b1-427dc4804a5mr49152935e9.0.1721593054479;
Sun, 21 Jul 2024 13:17:34 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1721593054; cv=none;
d=google.com; s=arc-20160816;
b=NOPhOXf9co6YYwyRxwUJ0zp3eRlZtzpRIbvq52lSvw/01XAjgzd1ypDS56QWGMEqky
EgUvTnWxBA1p8CjfKF+MEpMI4jUTOvsAuufBTeSY6TRO//W4kb1bCyqBjv+mkmsAsJB6
GhvbXmOnwUwyBz4RT0IDf8Gx6hNgO9RE7rNwV1xwutUg046ZdgLY47pyGix08HxXmU/l
mq2FJSGK2CLQcm4Jmc6al8W6+J9/iskwCG4huWCUZReOTMFgYmy9o45p6IM/XRSLehCW
Sfv3JW0fsXvSXjRBL260PbgMR81oORF+FLhGvbbomewTKzZCto7ipM2wBP0GtyaGTJ+w
kkJw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=content-transfer-encoding:mime-version:feedback-id:references
:in-reply-to:message-id:subject:from:to:date:dkim-signature;
bh=jZgBsneizBBP4tJQXVQ2CzhvhKsYpMsq8u2QAicykOA=;
fh=VcGcg+Zjs9gw1uDcHbxsAILhBAcecnbJzZRdxgKVDIc=;
b=ocJK5wYPFp3/8u3jHcgvpaWWWahApkNK7kmbIHGSf+yYOpVNDKloEUIGhJO1kLOhRY
DJHVEW9tDnMdQXxnQ9cikHcr2SD6E/Urao2vLhSQSdTA0Qb6UjFuN2S0bOXv08lMSZXq
zq9gkDhXWYwYWvrDKmOdcWQZIwv3SUOt9UwvN144BtaLtDOQzjCOJO6L0ag6npQDNGgT
li3liLjDA+lNEyzMLdQYholvWOqdKVvqENdJzU4q5vnyWtVcq/uOsHuxCl7vqa5y1/B2
hH1LYxcE5lqPb2uwdyL29NtkfCYS9BMLF01Rx83iSz6QswbqiczZc+z8iNj4jTcfTTOs
Cr1w==;
dara=google.com
ARC-Authentication-Results: i=1; gmr-mx.google.com;
dkim=pass header.i=@achow101.com header.s=protonmail header.b=ESc6xjbD;
spf=pass (google.com: domain of lists@achow101.com designates 185.70.40.22 as permitted sender) smtp.mailfrom=lists@achow101.com;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=achow101.com
Received: from mail-4022.proton.ch (mail-4022.proton.ch. [185.70.40.22])
by gmr-mx.google.com with ESMTPS id 5b1f17b1804b1-427d2a7f6b4si4976675e9.1.2024.07.21.13.17.34
for <bitcoindev@googlegroups.com>
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Sun, 21 Jul 2024 13:17:34 -0700 (PDT)
Received-SPF: pass (google.com: domain of lists@achow101.com designates 185.70.40.22 as permitted sender) client-ip=185.70.40.22;
Date: Sun, 21 Jul 2024 20:17:13 +0000
To: bitcoindev@googlegroups.com
From: "'Ava Chow' via Bitcoin Development Mailing List" <bitcoindev@googlegroups.com>
Subject: Re: [bitcoindev] Re: A "Free" Relay Attack Taking Advantage of The
Lack of Full-RBF In Core
Message-ID: <a8eac5f2-b85a-434f-868e-eba7fd2558c6@achow101.com>
In-Reply-To: <2aa2d6fa-ae72-4aef-9fda-49e2f7c657abn@googlegroups.com>
References: <Zpk7EYgmlgPP3Y9D@petertodd.org> <18fc443d-c347-4a84-94fe-81308ae20b76n@googlegroups.com> <Zpm73WHBNIkkIT0Y@petertodd.org> <CALZpt+HJvBXM_geK7JC8umrt1goq8bc+pnY0mk+o+r_+bjrtew@mail.gmail.com> <Zpp6U00Mp7Z/bOej@petertodd.org> <4d950527-4430-49f2-8e38-3755bc58e301n@googlegroups.com> <4f7eddff-9e2d-4beb-bcc6-832584cb939d@achow101.com> <2aa2d6fa-ae72-4aef-9fda-49e2f7c657abn@googlegroups.com>
Feedback-ID: 53660394:user:proton
X-Pm-Message-ID: 905055aa296a0bbafc4625c538e53d0b383cc431
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Original-Sender: lists@achow101.com
X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass
header.i=@achow101.com header.s=protonmail header.b=ESc6xjbD; spf=pass
(google.com: domain of lists@achow101.com designates 185.70.40.22 as
permitted sender) smtp.mailfrom=lists@achow101.com; dmarc=pass
(p=REJECT sp=REJECT dis=NONE) header.from=achow101.com
X-Original-From: Ava Chow <lists@achow101.com>
Reply-To: Ava Chow <lists@achow101.com>
Precedence: list
Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com
List-ID: <bitcoindev.googlegroups.com>
X-Google-Group-Id: 786775582512
List-Post: <https://groups.google.com/group/bitcoindev/post>, <mailto:bitcoindev@googlegroups.com>
List-Help: <https://groups.google.com/support/>, <mailto:bitcoindev+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/bitcoindev
List-Subscribe: <https://groups.google.com/group/bitcoindev/subscribe>, <mailto:bitcoindev+subscribe@googlegroups.com>
List-Unsubscribe: <mailto:googlegroups-manage+786775582512+unsubscribe@googlegroups.com>,
<https://groups.google.com/group/bitcoindev/subscribe>
X-Spam-Score: -1.0 (-)
On 07/20/2024 10:06 PM, Antoine Riard wrote:
> "Naive", as saying this is the _Bitcoin Core_ project list only can only=
=20
> provoke blind
> spot among the list members if the security issues are either affecting=
=20
> old part of
> the codebases that younger members have less experiences with (some=20
> parts like consensus
> or block-relay are modified only every 5 years) or novel factors from=20
> upstream or downstream
> (e.g the internet networking stack or implications on deployed contract=
=20
> protocols like
> lightning). On both the former and latter criterias, I think Peter=20
> overly meets the bar.
Peter was not the only "senior" person on the security list. Obviously I=20
will not disclose non-public information, but certainly there are people=20
on the security list who are just as, if not more, senior than Peter.
Furthermore, the "old parts" still do get changed, and someone who no=20
longer actively contributes to the project is more likely to be unaware=20
of how the code actually works today, even if they are familiar with=20
components that change infrequently.
> When you've big sh*t hitting the fan like inflation bugs or level DB=20
> 2013 unexpected fork you
> prefer have experts with a decade of experience to collaborate with, and=
=20
> sharing the same cultural
> and ethical norms of the active contributors evaluated by numbers on=20
> commits on the last single-digit
> years.
Not being on the list does not preclude him from being consulted if the=20
need arises.
With the two examples you provide, I am not aware of Peter being=20
actively involved in the resolution of both of those, whereas there are=20
current members of the list who were.
In general though, it is not clear to me how it was beneficial to have=20
Peter on the security list, nor how not having him is directly harmful.=20
In the 2 years that I have been on the security list, I was unaware that=20
Peter was a recipient until shortly before he was removed. My=20
understanding is that others who have been on the list longer than me=20
were also unaware.
Ava
>=20
> I'll repropose Peter admission on the security list mailing list in the=
=20
> coming weeks by opening an
> issue on the bitcoin-meta repository, once this current mailing list=20
> thread has slowed down a bit,
> or at least the technical analysis has been dissociated from the=20
> proceedings which have all been
> bundle in a big message. In my very personal opinion, I still trust more=
=20
> Peter competence and experience
> than some other people I know who are on the security mailing list.
>=20
> All that said I appreciate your answer and I'm satisfied from the=20
> personal role you've have played
> in the matter with, and be reassured I'll keep you among the recipient=20
> of future security issues with
> a potential impact on bitcoin core that I might find or be aware off.
>=20
> Best,
> Antoine
> ots hash: db441b51684ad3a6897f67d42c74ccfcb9a4ffed40d4bdbe30a2edd867ccdd5=
4
>=20
> Le samedi 20 juillet 2024 =C3=A0 01:50:25 UTC+1, Ava Chow a =C3=A9crit=C2=
=A0:
>=20
> On 07/19/2024 07:58 PM, Antoine Riard wrote:
> > As said in one my previous email, I'm still curious about achow101
> > explaining publicly
> > why you have been kicked-out of the bitcoin-security mailing
> list, when
> > you were certainly
> > more senior than achow101 in matters of base-layer security
> issues or
> > even hard technical
> > issues like consensus interactions (e.g bip65). I'll re-iterate my
> > respect towards achow101
> > as a maintainer from years of collaboration, though this is a topi=
c
> > worthy of an answer.
>=20
> I am not the one that removed Peter from the mailing list, nor do I
> even
> have the login(s) to do so.
>=20
> There was a discussion amongst several members of the security list
> about who was on the list, and who should be on the list. Given that
> the
> security list is the _Bitcoin Core_ security list, we determined that
> the people who should be on the list are people who still actively
> contribute to the project. As Peter Todd no longer actively contribut=
e
> code nor code review to the project, we decided that it didn't make
> sense to continue to have him on the list.
>=20
> My recollection is that multiple other people were removed from the
> list
> for the same reason at the same time.
>=20
> Ava
>=20
> --=20
> You received this message because you are subscribed to the Google=20
> Groups "Bitcoin Development Mailing List" group.
> To unsubscribe from this group and stop receiving emails from it, send=20
> an email to bitcoindev+unsubscribe@googlegroups.com=20
> <mailto:bitcoindev+unsubscribe@googlegroups.com>.
> To view this discussion on the web visit=20
> https://groups.google.com/d/msgid/bitcoindev/2aa2d6fa-ae72-4aef-9fda-49e2=
f7c657abn%40googlegroups.com <https://groups.google.com/d/msgid/bitcoindev/=
2aa2d6fa-ae72-4aef-9fda-49e2f7c657abn%40googlegroups.com?utm_medium=3Demail=
&utm_source=3Dfooter>.
--=20
You received this message because you are subscribed to the Google Groups "=
Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/=
bitcoindev/a8eac5f2-b85a-434f-868e-eba7fd2558c6%40achow101.com.
|