1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
|
Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194]
helo=mx.sourceforge.net)
by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <zgenjix@yahoo.com>) id 1S2mvK-0001EU-0I
for bitcoin-development@lists.sourceforge.net;
Wed, 29 Feb 2012 17:02:42 +0000
X-ACL-Warn:
Received: from nm30-vm5.bullet.mail.ne1.yahoo.com ([98.138.91.252])
by sog-mx-4.v43.ch3.sourceforge.com with smtp (Exim 4.76)
id 1S2mvE-0000sl-9B for bitcoin-development@lists.sourceforge.net;
Wed, 29 Feb 2012 17:02:41 +0000
Received: from [98.138.90.56] by nm30.bullet.mail.ne1.yahoo.com with NNFMP;
29 Feb 2012 17:02:29 -0000
Received: from [98.138.89.194] by tm9.bullet.mail.ne1.yahoo.com with NNFMP;
29 Feb 2012 17:02:29 -0000
Received: from [127.0.0.1] by omp1052.mail.ne1.yahoo.com with NNFMP;
29 Feb 2012 17:02:29 -0000
X-Yahoo-Newman-Property: ymail-5
X-Yahoo-Newman-Id: 914322.57462.bm@omp1052.mail.ne1.yahoo.com
Received: (qmail 4193 invoked by uid 60001); 29 Feb 2012 17:02:29 -0000
X-YMail-OSG: F1OYUs4VM1kGnHo5bVdVDjXrMJ1iYh.qG1gUGbe6ARKZfit
xJ3rTUT080Rn9Cd3lTD2MLEcEFpH6LAmTMqG_c6xJrZSOIfI5gt4P.OYDGnD
Umdq1MHFqA6ePmkfVF4_eHJFdPgTZcdZRkCBIQSaKlX3SKvcqFvmh6bcA6Fe
4Vbs5879w6QMQvIRQ.o_tj6g2L2UZg8ZXQ0iQshRYLlpV0xoGJ1RQOP0VxtZ
IVd8Kf43I7r0Ku1ZIO3Vq1xb0zGiBiJqkHwyhcUWXAfTqrO5lXxMBX0rGr6O
b2a9pdeLDR0d5aOBQJHpFsoN3v3AIVD.yoGd3HZLdG08Smu7k0vh_lEbgdAU
vRFDEMEaJdczgT2T4RCQs8hLGLzS2fw9Hyk96EoTllYiN2TOGV6GiNAjG04M
ehfNNJWNFlWPJ85ph0pGd_d2pE8_IGxdr6ZgugmD0U10MHVxySDOtq820WzK
McbU9PZcmYJLk9aD5inibsvTrC7aDeMvkSWL010URAVp4uJ6d3Z9us8o2ZPB
3Jlg30FwIxFsWyY6bTVGYlPVoLCmXh2FEdUWU_5QAjGV1QGLZjbKYJ36gtw- -
Received: from [2.97.161.54] by web121004.mail.ne1.yahoo.com via HTTP;
Wed, 29 Feb 2012 09:02:29 PST
X-Mailer: YahooMailWebService/0.8.116.338427
References: <CAPg+sBhb+gYMwp1OJuCHYt5=BU63=YBWOFaLLthHBkN_U-scaA@mail.gmail.com>
<CANdZDc7c5D7YmAn7GUO+--9U2Z3Lz-CR9E-QsKriVeMoudeipA@mail.gmail.com>
<20120229164747.GA581@vps7135.xlshosting.net>
Message-ID: <1330534949.81609.YahooMailNeo@web121004.mail.ne1.yahoo.com>
Date: Wed, 29 Feb 2012 09:02:29 -0800 (PST)
From: Amir Taaki <zgenjix@yahoo.com>
To: "bitcoin-development@lists.sourceforge.net"
<bitcoin-development@lists.sourceforge.net>
In-Reply-To: <20120229164747.GA581@vps7135.xlshosting.net>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="-1562933420-65607732-1330534949=:81609"
X-Spam-Score: 0.6 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/,
no trust [98.138.91.252 listed in list.dnswl.org]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(zgenjix[at]yahoo.com)
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain 1.0 HTML_MESSAGE BODY: HTML included in message
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
-0.3 AWL AWL: From: address is in the auto white-list
X-Headers-End: 1S2mvE-0000sl-9B
Subject: Re: [Bitcoin-development] Duplicate transactions vulnerability
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Amir Taaki <zgenjix@yahoo.com>
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Wed, 29 Feb 2012 17:02:42 -0000
---1562933420-65607732-1330534949=:81609
Content-Type: text/plain; charset=us-ascii
I support BIP 30.
I gave it a thought. The other ways of resolving this issue, all have various niggles. This is the best way.
________________________________
From: Pieter Wuille <pieter.wuille@gmail.com>
To: Zooko Wilcox-O'Hearn <zooko@zooko.com>
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Sent: Wednesday, February 29, 2012 4:47 PM
Subject: Re: [Bitcoin-development] Duplicate transactions vulnerability
On Tue, Feb 28, 2012 at 06:41:31PM -0700, Zooko Wilcox-O'Hearn wrote:
> Could you spell out the attack explicitly? Presumably there aren't a
> lot of people with the "malice energy" to perform the attack but not
> to figure it out for themselves. I, however, have the "niceness
> energy" to think about it for a few minutes but not to figure it out
> for myself. If in your opinion it is realistically dangerous to post
> it publicly, would you be so kind as to include me in the private
> sharing of the explanation?
It's not exactly a secret anymore, as the patch also references it.
Russell O'Connor described the attack on his blog:
http://r6.ca/blog/20120206T005236Z.html
--
Pieter
------------------------------------------------------------------------------
Virtualization & Cloud Management Using Capacity Planning
Cloud computing makes use of virtualization - but cloud computing
also focuses on allowing computing to be delivered as a service.
http://www.accelacomm.com/jaw/sfnl/114/51521223/
_______________________________________________
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development
---1562933420-65607732-1330534949=:81609
Content-Type: text/html; charset=us-ascii
<html><body><div style="color:#000; background-color:#fff; font-family:times new roman, new york, times, serif;font-size:12pt"><div><span>I support BIP 30.</span></div><div><span><br></span></div><div><span>I gave it a thought. The other ways of resolving this issue, all have various niggles. This is the best way.</span></div><div><br></div> <div style="font-size: 12pt; font-family: 'times new roman', 'new york', times, serif; "> <div style="font-size: 12pt; font-family: 'times new roman', 'new york', times, serif; "> <div dir="ltr"> <font size="2" face="Arial"> <hr size="1"> <b><span style="font-weight:bold;">From:</span></b> Pieter Wuille <pieter.wuille@gmail.com><br> <b><span style="font-weight: bold;">To:</span></b> Zooko Wilcox-O'Hearn <zooko@zooko.com> <br><b><span style="font-weight: bold;">Cc:</span></b> Bitcoin Dev <bitcoin-development@lists.sourceforge.net> <br> <b><span style="font-weight: bold;">Sent:</span></b> Wednesday,
February 29, 2012 4:47 PM<br> <b><span style="font-weight: bold;">Subject:</span></b> Re: [Bitcoin-development] Duplicate transactions vulnerability<br> </font> </div> <br>
On Tue, Feb 28, 2012 at 06:41:31PM -0700, Zooko Wilcox-O'Hearn wrote:<br>> Could you spell out the attack explicitly? Presumably there aren't a<br>> lot of people with the "malice energy" to perform the attack but not<br>> to figure it out for themselves. I, however, have the "niceness<br>> energy" to think about it for a few minutes but not to figure it out<br>> for myself. If in your opinion it is realistically dangerous to post<br>> it publicly, would you be so kind as to include me in the private<br>> sharing of the explanation?<br><br>It's not exactly a secret anymore, as the patch also references it.<br>Russell O'Connor described the attack on his blog:<br>http://r6.ca/blog/20120206T005236Z.html<br><br>-- <br>Pieter<br><br>------------------------------------------------------------------------------<br>Virtualization & Cloud Management Using Capacity Planning<br>Cloud computing makes use of virtualization - but cloud
computing <br>also focuses on allowing computing to be delivered as a service.<br>http://www.accelacomm.com/jaw/sfnl/114/51521223/<br>_______________________________________________<br>Bitcoin-development mailing list<br><a ymailto="mailto:Bitcoin-development@lists.sourceforge.net" href="mailto:Bitcoin-development@lists.sourceforge.net">Bitcoin-development@lists.sourceforge.net</a><br><a href="https://lists.sourceforge.net/lists/listinfo/bitcoin-development" target="_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-development</a><br><br><br> </div> </div> </div></body></html>
---1562933420-65607732-1330534949=:81609--
|