1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
|
Return-Path: <bitcoin-dev@wuille.net>
Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133])
by lists.linuxfoundation.org (Postfix) with ESMTP id 12E31C0893
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 22 Dec 2020 00:22:51 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
by hemlock.osuosl.org (Postfix) with ESMTP id 0C5C8873A1
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 22 Dec 2020 00:22:51 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from hemlock.osuosl.org ([127.0.0.1])
by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id J+j1iWrRoOss
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 22 Dec 2020 00:22:49 +0000 (UTC)
X-Greylist: from auto-whitelisted by SQLgrey-1.7.6
Received: from mail-40136.protonmail.ch (mail-40136.protonmail.ch
[185.70.40.136])
by hemlock.osuosl.org (Postfix) with ESMTPS id 120F48739E
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 22 Dec 2020 00:22:49 +0000 (UTC)
Date: Tue, 22 Dec 2020 00:22:37 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wuille.net;
s=protonmail2; t=1608596566;
bh=Wt3vtYEJZFfcnYaLFj8PjmAluO5U77Udk8Wxlhwjkmw=;
h=Date:To:From:Cc:Reply-To:Subject:In-Reply-To:References:From;
b=Gh0+nIpxelDGeiekLCID6Q3KffnwWUdGc9Q3RhswrpXAT3n9TAK65kyNhVs90MsSY
u4Durg3YuH1kJ69SChWNJlSX3XRWD2SfuvyYuq7vDNxefhBB1N+9fR+B5hUuEJibTJ
k4lJuRUIX9Yxq5JnWVDTI+1lKuO9w0plkgNGTpjQgWGOx8eKmMbp3q42wZ+iVt7pls
6nYUrQmAfpbId0P11S5V2Bp3EgsuwjEq6gR7APGDF8GkAPFxogWChjxYIixy2Zvqdy
Fj3cHTMWhKGCnHPUNccCiYxF9VpBE7V+/L11NIl9YVQsusbr2HqUxka+mhht1Zljqc
5SYdfBamIhpmQ==
To: Pieter Wuille <bitcoin-dev@wuille.net>,
Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
From: Pieter Wuille <bitcoin-dev@wuille.net>
Reply-To: Pieter Wuille <bitcoin-dev@wuille.net>
Message-ID: <pa8YeCM--QSIGM9vegsiOzaxoLyXm55KTGQBZJk2Waw6blIz3l_RxY-rgKRQ40LmJupOmL-orWwfY7tVpDVboXd4BCCpZZEbC30l8HDum2k=@wuille.net>
In-Reply-To: <Xpjf4qIbUPHa_K-yS1GRlsG4rVXBR9OHgzsxjgABhw0hg7jPFn4l4wwgVH_1iRVR5jFDK2cUb0qsbA1FQKiQZRTFPh77MGibgaVUaVbB_Ng=@wuille.net>
References: <20201218152720.GW106279@boulet>
<CALJw2w4bFp8qcxNzz7hn_ZeGG8WWTPu-mRv6A4cPt66EHimyeg@mail.gmail.com>
<Xpjf4qIbUPHa_K-yS1GRlsG4rVXBR9OHgzsxjgABhw0hg7jPFn4l4wwgVH_1iRVR5jFDK2cUb0qsbA1FQKiQZRTFPh77MGibgaVUaVbB_Ng=@wuille.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Subject: Re: [bitcoin-dev] BIP-0322 (generic signmessage) improvements
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Dec 2020 00:22:51 -0000
On Monday, December 21, 2020 2:57 PM, Pieter Wuille via bitcoin-dev <bitcoi=
n-dev@lists.linuxfoundation.org> wrote:
> On Sunday, December 20, 2020 9:37 PM, Karl-Johan Alm via bitcoin-dev bitc=
oin-dev@lists.linuxfoundation.org wrote:
>
> > Thanks a lot for taking the time to brush up the BIP. For what it's
> > worth, I am all for these changes, and I see them as clear
> > improvements all around.
> > IIRC Pieter was the one who originally suggested the two-checks
> > approach (invalid, inconclusive, valid) which is being modified here,
> > so would be good if you chimed in (or not -- which I'll assume means
> > you don't mind).
>
> I agree with the idea of permitting incomplete validators to return incon=
clusive as well. That doesn't really reduce the functionality (given that "=
inconclusive" was already a potential result), and it obviously makes it mu=
ch more accessible to a variety of software.
>
> This suggestion breaks the original use of inconclusive though: the abili=
ty to detect that future features are used in the signature. The idea was t=
o use divergence between "consensus valid" and "standardness valid" as a pr=
oxy for future extensions to be detected (e.g. OP_NOPn, future witness vers=
ions, ...). I think it's undesirable that these things now become unconditi=
onally invalid (until the BIP is updated, but once that happens old validat=
ors will give a different result than new ones).
>
> Since the BIP no longer relies on a nebulous concept of standardness, and=
instead specifically defines which standardness features are to be conside=
red, this seems easy to fix: whenever validation fails due to any of those,=
require reporting inconclusive instead of invalid (unless of course someth=
ing actually invalid also happens). In practice I guess you'd implement tha=
t (in capable validators) by still doing validation twice, once with all fe=
atures enabled that distinguish between valid/invalid, and if valid, again =
but now with the features enabled that distinguish between valid and (inval=
id or inconclusive).
Re-reading your proposed text, I'm wondering if the "consensus-only validat=
ion" extension is intended to replace the inconclusive-due-to-consensus-and=
-standardness-differ state. If so, I don't think it does, and regardless it=
doesn't seem very useful.
What I'm suggestion could be specified this way:
* If validator understands the script:
* If signature is consensus valid (as far as the validator knows):
* If signature is not known to trigger standardness rules intended for =
future extension (well-defined set of rules listed in BIP, and revisable): =
return valid
* Otherwise: return inconclusive
* Otherwise: return invalid
* Otherwise: return inconclusive
Or in other words: every signature has a well-defined result (valid, invali=
d, inconclusive) + validators may choose to report inconclusive for anythin=
g they don't understand.
This has the property that as long as new consensus rules only change thing=
s that were covered under for-future-extension standardness rules, no two v=
alidators will ever claim valid and invalid for the same signature. Only va=
lid+inconclusive or invalid+inconclusive.
Cheers,
--
Pieter
|
