1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
|
Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193]
helo=mx.sourceforge.net)
by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <etotheipi@gmail.com>) id 1WDeZI-0001ZD-8s
for bitcoin-development@lists.sourceforge.net;
Wed, 12 Feb 2014 18:29:56 +0000
Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of gmail.com
designates 209.85.216.51 as permitted sender)
client-ip=209.85.216.51; envelope-from=etotheipi@gmail.com;
helo=mail-qa0-f51.google.com;
Received: from mail-qa0-f51.google.com ([209.85.216.51])
by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1WDeZG-0006XK-5d
for bitcoin-development@lists.sourceforge.net;
Wed, 12 Feb 2014 18:29:56 +0000
Received: by mail-qa0-f51.google.com with SMTP id f11so14334806qae.24
for <bitcoin-development@lists.sourceforge.net>;
Wed, 12 Feb 2014 10:29:48 -0800 (PST)
MIME-Version: 1.0
X-Received: by 10.224.11.136 with SMTP id t8mr68624387qat.26.1392229283444;
Wed, 12 Feb 2014 10:21:23 -0800 (PST)
Received: by 10.229.66.67 with HTTP; Wed, 12 Feb 2014 10:21:23 -0800 (PST)
Received: by 10.229.66.67 with HTTP; Wed, 12 Feb 2014 10:21:23 -0800 (PST)
In-Reply-To: <CALf2ePyQeOxL3d+QoaWSYy_cCKaF9qq1StBwXFms9NyedUg3eg@mail.gmail.com>
References: <CAPg+sBgPG+2AMbEHSRQNFn6FikbRzxkWduj5MSZLz-O6Wh940w@mail.gmail.com>
<20140210030048.GB31925@savin>
<CAH2=CKzNGN7mpe1NLtsLRNSszSD2ZNwjoAsaH40EvGtA5ezDeQ@mail.gmail.com>
<CAAS2fgShVqU+T6q56H2ePZhuHvGgftdXh=zUvgeQRRG2pOP8NQ@mail.gmail.com>
<CALf2ePyQeOxL3d+QoaWSYy_cCKaF9qq1StBwXFms9NyedUg3eg@mail.gmail.com>
Date: Wed, 12 Feb 2014 13:21:23 -0500
Message-ID: <CALf2ePw2jtA3UOrdqk_DS1kfpKZm39RdSUw3FoP9Bkyog5=QRg@mail.gmail.com>
From: Alan Reiner <etotheipi@gmail.com>
To: Gregory Maxwell <gmaxwell@gmail.com>
Content-Type: multipart/alternative; boundary=001a11c2c2b8e45dff04f239a3ad
X-Spam-Score: -0.6 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(etotheipi[at]gmail.com)
-0.0 SPF_PASS SPF: sender matches SPF record
1.0 HTML_MESSAGE BODY: HTML included in message
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1WDeZG-0006XK-5d
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] [RFC] [BIP proposal] Dealing with
malleability
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Wed, 12 Feb 2014 18:29:56 -0000
--001a11c2c2b8e45dff04f239a3ad
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
We're talking about two slightly different things. If their system had
tracked by inputs and outputs (or some kind of static ID) , their system
wouldn't have been issuing refunds/replacements/cancellations in the first
place.
I agree with you that the reissuing code should also guarantee that both TX
can't be valid... But really their system should do both. Without the I/O
based tracking their bookkeeping will be off, regardless of the reissuing
code, because they can't properly associate outgoing transactions with
customer accounts/actions.
Sent from my overpriced smartphone
On Feb 12, 2014 1:06 PM, "Gregory Maxwell" <gmaxwell@gmail.com> wrote:
On Wed, Feb 12, 2014 at 7:12 AM, Rune Kj=E6r Svendsen <runesvend@gmail.com>
wrote:
> Instead of trying to remove the possibility of transaction
> malleability, would it make sense to define a new, "canonical
> transaction hash/ID" (cTxID), which would be a hash of the part of the
> transaction data which we know is not malleable, and have clients use
> this cTxID internally, thus making the traditional transaction hash
> irrelevant for a client to function correctly?
This is fine and good. But it only scratches the surface of the
problems created by malleability, especially for fancier transaction
protocols.
Mutation allows you to invalidate a chain of unconfirmed transaction
by mutating the parent. This breaks any protocol which depends on
creating a precomputed nlocked time refund transaction.
So a canonical ID can be used to prevent some buggy behavior it
doesn't actually fix the problem. Fortunately the non-fixed parts
aren't too critical today.
On Wed, Feb 12, 2014 at 8:22 AM, Alan Reiner <etotheipi@gmail.com> wrote:
> I think the solution is simply to encourage Bitcoin software developers t=
o
> design their software to use this static ID, instead of the full
transaction
> hash. If MtGox had talked those IDs instead of the TX ID, their
software
> would've correctly identified the mutated transactions and there would be
> no problem.
This is incorrect. MtGox was automatically issuing replacement
transactions resulting in double payments.
When you attempt to replace/reissue/cancel a transaction you __MUST__
double-spend the original transaction. If the original transaction has
not been conflicted then it is possible someone will pull the original
transaction out of a hat and both your replacement and the original
will be confirmed. It is not safe at any time to look to see if the
original has been confirmed yet, and if not reissue-- not because
mutation may mean you're looking in the wrong place-- but because the
state of the world could change nano-seconds after you looked.
If you do double-spend the original then there is no chance that both
will go through, you'll have atomic exclusion and only one transaction
or the other will be confirmed.
---------------------------------------------------------------------------=
---
Android apps run on BlackBerry 10
Introducing the new BlackBerry 10.2.1 Runtime for Android apps.
Now with support for Jelly Bean, Bluetooth, Mapview and more.
Get your Android app in front of a whole new audience. Start now.
http://pubads.g.doubleclick.net/gampad/clk?id=3D124407151&iu=3D/4140/ostg.c=
lktrk
_______________________________________________
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development
--001a11c2c2b8e45dff04f239a3ad
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<p dir=3D"ltr">We're talking about two slightly different things. =
If their system had tracked by inputs and outputs (or some kind of static =
ID) , their system wouldn't have been issuing refunds/replacements/canc=
ellations in the first place. </p>
<p dir=3D"ltr">I agree with you that the reissuing code should also guarant=
ee that both TX can't be valid... But really their system should do bot=
h. Without the I/O based tracking their bookkeeping will be off=
, regardless of the reissuing code, because they can't properly a=
ssociate outgoing transactions with customer accounts/actions. </p>
<p dir=3D"ltr">Sent from my overpriced smartphone </p>
<div class=3D"gmail_quote">On Feb 12, 2014 1:06 PM, "Gregory Maxwell&q=
uot; <<a href=3D"mailto:gmaxwell@gmail.com">gmaxwell@gmail.com</a>> w=
rote:<br type=3D"attribution"><blockquote class=3D"quote" style=3D"margin:0=
0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class=3D"quoted-text">On Wed, Feb 12, 2014 at 7:12 AM, Rune Kj=E6r Sve=
ndsen <<a href=3D"mailto:runesvend@gmail.com">runesvend@gmail.com</a>>=
; wrote:<br>
> Instead of trying to remove the possibility of transaction<br>
> malleability, would it make sense to define a new, "canonical<br>
> transaction hash/ID" (cTxID), which would be a hash of the part o=
f the<br>
> transaction data which we know is not malleable, and have clients use<=
br>
> this cTxID internally, thus making the traditional transaction hash<br=
>
> irrelevant for a client to function correctly?<br>
<br>
</div>This is fine and good. But it only scratches the surface of the<br>
problems created by malleability, especially for fancier transaction<br>
protocols.<br>
<br>
Mutation allows you to invalidate a chain of unconfirmed transaction<br>
by mutating the parent. This breaks any protocol which depends on<br>
creating a precomputed nlocked time refund transaction.<br>
<br>
So a canonical ID can be used to prevent some buggy behavior it<br>
doesn't actually fix the problem. Fortunately the non-fixed parts<br>
aren't too critical today.<br>
<div class=3D"quoted-text"><br>
On Wed, Feb 12, 2014 at 8:22 AM, Alan Reiner <<a href=3D"mailto:etotheip=
i@gmail.com">etotheipi@gmail.com</a>> wrote:<br>
> I think the solution is simply to encourage Bitcoin software developer=
s to<br>
> design their software to use this static ID, instead of the full trans=
action<br>
> hash. If MtGox had talked those IDs instead of the TX ID,=
their software<br>
> would've correctly identified the mutated transactions and there w=
ould be<br>
> no problem.<br>
<br>
</div>This is incorrect. MtGox was automatically issuing replacement<=
br>
transactions resulting in double payments.<br>
<br>
When you attempt to replace/reissue/cancel a transaction you __MUST__<br>
double-spend the original transaction. If the original transaction has<br>
not been conflicted then it is possible someone will pull the original<br>
transaction out of a hat and both your replacement and the original<br>
will be confirmed. It is not safe at any time to look to see if the<b=
r>
original has been confirmed yet, and if not reissue— not because<br>
mutation may mean you're looking in the wrong place— but because =
the<br>
state of the world could change nano-seconds after you looked.<br>
<br>
If you do double-spend the original then there is no chance that both<br>
will go through, you'll have atomic exclusion and only one transaction<=
br>
or the other will be confirmed.<br>
<div class=3D"elided-text"><br>
---------------------------------------------------------------------------=
---<br>
Android apps run on BlackBerry 10<br>
Introducing the new BlackBerry 10.2.1 Runtime for Android apps.<br>
Now with support for Jelly Bean, Bluetooth, Mapview and more.<br>
Get your Android app in front of a whole new audience. Start now.<br>
<a href=3D"http://pubads.g.doubleclick.net/gampad/clk?id=3D124407151&iu=
=3D/4140/ostg.clktrk" target=3D"_blank">http://pubads.g.doubleclick.net/gam=
pad/clk?id=3D124407151&iu=3D/4140/ostg.clktrk</a><br>
_______________________________________________<br>
Bitcoin-development mailing list<br>
<a href=3D"mailto:Bitcoin-development@lists.sourceforge.net">Bitcoin-develo=
pment@lists.sourceforge.net</a><br>
<a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-development=
" target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-de=
velopment</a><br>
</div></blockquote></div>
--001a11c2c2b8e45dff04f239a3ad--
|
