1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
|
Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191]
helo=mx.sourceforge.net)
by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <etotheipi@gmail.com>) id 1UFSUA-0007Cb-FI
for bitcoin-development@lists.sourceforge.net;
Tue, 12 Mar 2013 16:55:34 +0000
Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of gmail.com
designates 209.85.219.50 as permitted sender)
client-ip=209.85.219.50; envelope-from=etotheipi@gmail.com;
helo=mail-oa0-f50.google.com;
Received: from mail-oa0-f50.google.com ([209.85.219.50])
by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1UFSU8-0008Hk-05
for bitcoin-development@lists.sourceforge.net;
Tue, 12 Mar 2013 16:55:34 +0000
Received: by mail-oa0-f50.google.com with SMTP id l20so61744oag.37
for <bitcoin-development@lists.sourceforge.net>;
Tue, 12 Mar 2013 09:55:26 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.182.118.1 with SMTP id ki1mr13088639obb.2.1363107326579;
Tue, 12 Mar 2013 09:55:26 -0700 (PDT)
Received: by 10.76.98.234 with HTTP; Tue, 12 Mar 2013 09:55:26 -0700 (PDT)
In-Reply-To: <201303121210.34515.luke@dashjr.org>
References: <513ED35A.8080203@gmail.com> <201303121210.34515.luke@dashjr.org>
Date: Tue, 12 Mar 2013 12:55:26 -0400
Message-ID: <CALf2ePwae8Y0KxYqcZxEk_KZjUcQN=jaAp=QWa20QeZtJU7UAA@mail.gmail.com>
From: Alan Reiner <etotheipi@gmail.com>
To: Luke-Jr <luke@dashjr.org>
Content-Type: multipart/alternative; boundary=f46d0447f240fddc8d04d7bd272f
X-Spam-Score: -0.6 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(etotheipi[at]gmail.com)
-0.0 SPF_PASS SPF: sender matches SPF record
1.0 HTML_MESSAGE BODY: HTML included in message
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1UFSU8-0008Hk-05
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Some PR preparation
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Tue, 12 Mar 2013 16:55:34 -0000
--f46d0447f240fddc8d04d7bd272f
Content-Type: text/plain; charset=ISO-8859-1
On Tue, Mar 12, 2013 at 8:10 AM, Luke-Jr <luke@dashjr.org> wrote:
>
>
> I think we should be careful not to downplay the reality either.
> For a number of hours, transactions could have received up to N
> confirmations
> and then still been reversed. While we could contact the bigger payment
> processors, I saw people still trying to buy/sell on OTC, whom could have
> been
> scammed even by taking standard precautions.
>
>
I don't want to misrepresent what happened, but how much of that was really
a risk? The block was rejected, but the transactions were not. Any valid
transactions to hit the network would get added to everyone's memory pool
and mined in both chains. Thus all nodes would still reject double-spend
attempts. As far as I understood it, you would've had to have majority
mining power on one of the chains (and both had non-negligible computing
power on them), so double-spending still required an exceptional amount of
resources -- just not the normal 50% that is normally needed. Perhaps...
10%? But how many people can even have 10%? In addition to that, a
victim needs to be found that hasn't seen the alert, is willing to execute
a large transaction, and is on the wrong side of the chain.
Is this incorrect? Yes, there was less resources needed to execute an
attack -- but it still required a very powerful attacker, way outside the
scope of "regular users."
--f46d0447f240fddc8d04d7bd272f
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div class=3D"gmail_extra"><div class=3D"gmail_quote">On T=
ue, Mar 12, 2013 at 8:10 AM, Luke-Jr <span dir=3D"ltr"><<a href=3D"mailt=
o:luke@dashjr.org" target=3D"_blank">luke@dashjr.org</a>></span> wrote:<=
br><blockquote class=3D"gmail_quote" style=3D"margin-top:0px;margin-right:0=
px;margin-bottom:0px;margin-left:0.8ex;border-left-width:1px;border-left-co=
lor:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div class=3D"im"><br>
<br>
</div>I think we should be careful not to downplay the reality either.<br>
For a number of hours, transactions could have received up to N confirmatio=
ns<br>
and then still been reversed. While we could contact the bigger payment<br>
processors, I saw people still trying to buy/sell on OTC, whom could have b=
een<br>
scammed even by taking standard precautions.<br><br></blockquote><div><br><=
/div><meta http-equiv=3D"content-type" content=3D"text/html; charset=3Dutf-=
8">I don't want to misrepresent what happened, but how much of that was=
really a risk? =A0The block was rejected, but the transactions were not. =
=A0Any valid transactions to hit the network would get added to everyone=
9;s memory pool and mined in both chains. =A0Thus all nodes would still rej=
ect double-spend attempts. =A0As far as I understood it, you would've h=
ad to have majority mining power on one of the chains (and both had non-neg=
ligible computing power on them), so double-spending still required an exce=
ptional amount of resources -- just not the normal 50% that is normally nee=
ded. =A0Perhaps... 10%? =A0 But how many people can even have 10%? =A0In ad=
dition to that, a victim needs to be found that hasn't seen the alert, =
is willing to execute a large transaction, and is on the wrong side of the =
chain.</div>
<div class=3D"gmail_quote"><br></div><div class=3D"gmail_quote">Is this inc=
orrect? =A0Yes, there was less resources needed to execute an attack -- but=
it still required a very powerful attacker, way outside the scope of "=
;regular users."<br>
<div>=A0</div></div></div></div>
--f46d0447f240fddc8d04d7bd272f--
|