1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
|
Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194]
helo=mx.sourceforge.net)
by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <mh.in.england@gmail.com>) id 1UOs20-0003tn-Lx
for bitcoin-development@lists.sourceforge.net;
Sun, 07 Apr 2013 16:01:24 +0000
Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of gmail.com
designates 209.85.219.44 as permitted sender)
client-ip=209.85.219.44; envelope-from=mh.in.england@gmail.com;
helo=mail-oa0-f44.google.com;
Received: from mail-oa0-f44.google.com ([209.85.219.44])
by sog-mx-4.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1UOs1v-00037e-5Y
for bitcoin-development@lists.sourceforge.net;
Sun, 07 Apr 2013 16:01:24 +0000
Received: by mail-oa0-f44.google.com with SMTP id h1so5459468oag.3
for <bitcoin-development@lists.sourceforge.net>;
Sun, 07 Apr 2013 09:01:13 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.182.151.9 with SMTP id um9mr12999073obb.89.1365350473785;
Sun, 07 Apr 2013 09:01:13 -0700 (PDT)
Sender: mh.in.england@gmail.com
Received: by 10.76.162.198 with HTTP; Sun, 7 Apr 2013 09:01:13 -0700 (PDT)
In-Reply-To: <CAPg+sBhYuK79Gost2p1ksytNUTjAHz1REC1DRQaP2UD=cjRA0g@mail.gmail.com>
References: <CAPg+sBhYuK79Gost2p1ksytNUTjAHz1REC1DRQaP2UD=cjRA0g@mail.gmail.com>
Date: Sun, 7 Apr 2013 18:01:13 +0200
X-Google-Sender-Auth: DjnV9IFOFeHILP_yMRbpeV2P4c4
Message-ID: <CANEZrP3hu4C6-3gNFAcz85WL4HR+McHGiLG8E+-35VwyFGz7mw@mail.gmail.com>
From: Mike Hearn <mike@plan99.net>
To: Pieter Wuille <pieter.wuille@gmail.com>
Content-Type: multipart/alternative; boundary=f46d0444e925fbecf804d9c76d1c
X-Spam-Score: -0.5 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(mh.in.england[at]gmail.com)
-0.0 SPF_PASS SPF: sender matches SPF record
1.0 HTML_MESSAGE BODY: HTML included in message
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1UOs1v-00037e-5Y
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Who is creating non-DER signatures?
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Sun, 07 Apr 2013 16:01:24 -0000
--f46d0444e925fbecf804d9c76d1c
Content-Type: text/plain; charset=UTF-8
It'd help to know how the signatures are invalid.
On Sun, Apr 7, 2013 at 5:34 PM, Pieter Wuille <pieter.wuille@gmail.com>wrote:
> (cross-post from bitcointalk.org)
>
> Hello all,
>
> as some may know, Bitcoin uses DER-encoded signatures in its transactions.
> However, OpenSSL (which is used to verify them) accepts more than just the
> strict DER specification (it allows negative numbers, extra zero padding,
> extra bytes at the end, and perhaps more). As we don't like the de-facto
> specification of the Bitcoin block validity rules to depend on OpenSSL,
> we're trying to introduce a rule to make such non-standard signatures
> invalid. Obviously, that can't be done as long as any significant amount of
> clients on the network is creating these.
>
> I've monitored all transactions the past weeks (1.4M transactions), and it
> seems 9641 of them contain at least one non-standard signature. See
> https://bitcointalk.org/index.php?topic=169620.0 for a list of the top
> addresses that had coins used as inputs in such transactions. If you
> recognize any of these addresses, or have an idea of who owns them or what
> software they are using, please let me know.
>
> Thanks!
>
> --
> Pieter
>
>
>
> ------------------------------------------------------------------------------
> Minimize network downtime and maximize team effectiveness.
> Reduce network management and security costs.Learn how to hire
> the most talented Cisco Certified professionals. Visit the
> Employer Resources Portal
> http://www.cisco.com/web/learning/employer_resources/index.html
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
>
--f46d0444e925fbecf804d9c76d1c
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">It'd help to know how the signatures are invalid.</div=
><div class=3D"gmail_extra"><br><br><div class=3D"gmail_quote">On Sun, Apr =
7, 2013 at 5:34 PM, Pieter Wuille <span dir=3D"ltr"><<a href=3D"mailto:p=
ieter.wuille@gmail.com" target=3D"_blank">pieter.wuille@gmail.com</a>></=
span> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex"><div dir=3D"ltr"><div>(cross-post from <a hr=
ef=3D"http://bitcointalk.org" target=3D"_blank">bitcointalk.org</a>)</div><=
div><br>
</div>Hello all,<div><br></div><div><div>as some may know, Bitcoin uses DER=
-encoded signatures in its transactions. However, OpenSSL (which is used to=
verify them) accepts more than just the strict DER specification (it allow=
s negative numbers, extra zero padding, extra bytes at the end, and perhaps=
more). As we don't like the de-facto specification of the Bitcoin bloc=
k validity rules to depend on OpenSSL, we're trying to introduce a rule=
to make such non-standard signatures invalid. Obviously, that can't be=
done as long as any significant amount of clients on the network is creati=
ng these.<br>
</div><div><br></div><div>I've monitored all transactions the past week=
s (1.4M transactions), and it seems 9641 of them contain at least one non-s=
tandard signature. See=C2=A0<a href=3D"https://bitcointalk.org/index.php?to=
pic=3D169620.0" target=3D"_blank">https://bitcointalk.org/index.php?topic=
=3D169620.0</a>=C2=A0for a list of the top addresses that had coins used as=
inputs in such transactions. If you recognize any of these addresses, or h=
ave an idea of who owns them or what software they are using, please let me=
know.</div>
<div><br></div><div>Thanks!</div></div><span class=3D"HOEnZb"><font color=
=3D"#888888"><div><br></div><div>--=C2=A0</div><div>Pieter</div><div><br></=
div></font></span></div>
<br>-----------------------------------------------------------------------=
-------<br>
Minimize network downtime and maximize team effectiveness.<br>
Reduce network management and security costs.Learn how to hire<br>
the most talented Cisco Certified professionals. Visit the<br>
Employer Resources Portal<br>
<a href=3D"http://www.cisco.com/web/learning/employer_resources/index.html"=
target=3D"_blank">http://www.cisco.com/web/learning/employer_resources/ind=
ex.html</a><br>_______________________________________________<br>
Bitcoin-development mailing list<br>
<a href=3D"mailto:Bitcoin-development@lists.sourceforge.net">Bitcoin-develo=
pment@lists.sourceforge.net</a><br>
<a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-development=
" target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-de=
velopment</a><br>
<br></blockquote></div><br></div>
--f46d0444e925fbecf804d9c76d1c--
|