summaryrefslogtreecommitdiff
path: root/d1/3ecb90db68f9a23aded9b887e54010d41517b3
blob: 821edaf300c584373bc22a23821ea620cd71d2b7 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
Return-Path: <eric@voskuil.org>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id EA627A55
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Sat, 10 Sep 2016 00:54:30 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-pa0-f47.google.com (mail-pa0-f47.google.com
	[209.85.220.47])
	by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 5AEFB192
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Sat, 10 Sep 2016 00:54:30 +0000 (UTC)
Received: by mail-pa0-f47.google.com with SMTP id to9so33061827pac.1
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Fri, 09 Sep 2016 17:54:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=voskuil-org.20150623.gappssmtp.com; s=20150623;
	h=from:content-transfer-encoding:mime-version:subject:message-id:date
	:references:in-reply-to:to;
	bh=ZPHqPkHEQ1iTsrxLJhkKoma2KyM4KkBb8Z8WHcFN6ck=;
	b=h7dxAWEQPQpuzJ4Uk+LXpvUUr3jIAH8wJvNBXz1UwtooEBi89P+rxmIrviibtdMM0v
	ipG9J+DX/DceJaKpGivxjccNwMGnSZrYUj+PZigzrP1CtNXvbdZWuxYqUtdNaw4d+Oc1
	KY/3ToL8gfj9i9w4/mgGbzmmzD2DgYU1//SsfRqwWpdUPk0IowuF/zWRqjPRJ5ygY7eH
	BNb2rvwJN7urMdikmAYav6NnWi9zuXxMGcgveOVwwhv6qqqpoBmQSzfgVNRZioMmw3vn
	nx4mdlKPMNG+dBLTHYSWc86ub6gwOp5+kQr5Cp5PZLm28RUcsTyrqnUzdbb/sKNHyUdd
	oWaQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:from:content-transfer-encoding:mime-version
	:subject:message-id:date:references:in-reply-to:to;
	bh=ZPHqPkHEQ1iTsrxLJhkKoma2KyM4KkBb8Z8WHcFN6ck=;
	b=Xz1nvfIonRJweB3pKIMRocLBKdpDdG6ukLCHoBTClSCUmICjo+KSxE6wpiFAq4+Tzr
	jsQiFZr7GYDQefil8gonlWY1QE+Z9rN6UUhc2vAA3Q/v2JOaDj/WMn9SPgI4wCwyrNJu
	6zpa4e/Q2sLNSnKAF329sULLLABfGAe2C4rTqyXxa4dXjNTJS3bcGIwl62FWJAxCeMDs
	AWV47hIZRwfniGMx27wOgRHhKd28w1VLOOGWdReRgMPN54YWKgpOGruc0VquMG7gM7HZ
	71J9/mK0/6iWRKbFI2o/LIG9LkfwBt8u2Etk2HwTH87WCqM1cNHDAo8L15fTiUAWVoEr
	4Xjg==
X-Gm-Message-State: AE9vXwPEgDGK22nYH37J2eFS3/77/1OQbZZu/JrrBcJlVIeWZduGEHp57HY29u8B2bn+Iw==
X-Received: by 10.66.7.33 with SMTP id g1mr11478875paa.92.1473468870052;
	Fri, 09 Sep 2016 17:54:30 -0700 (PDT)
Received: from ?IPv6:2601:600:9000:d69e:bd08:99e3:bd72:407b?
	([2601:600:9000:d69e:bd08:99e3:bd72:407b])
	by smtp.gmail.com with ESMTPSA id 3sm7825464pfz.33.2016.09.09.17.54.28
	(version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
	Fri, 09 Sep 2016 17:54:29 -0700 (PDT)
From: Eric Voskuil <eric@voskuil.org>
Content-Type: text/plain;
	charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (1.0)
Message-Id: <474CB187-0642-452C-AE1B-00D46FAE8BAF@voskuil.org>
Date: Fri, 9 Sep 2016 17:54:28 -0700
References: <CAAS2fgTYOUSm07N4NYDCsjjwSbAo_ye84UvbQF--3JzhLHkG0Q@mail.gmail.com>
In-Reply-To: <CAAS2fgTYOUSm07N4NYDCsjjwSbAo_ye84UvbQF--3JzhLHkG0Q@mail.gmail.com>
To: Gregory Maxwell <greg@xiph.org>,
	Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
X-Mailer: iPhone Mail (13G35)
X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID, MIME_QP_LONG_LINE,
	RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
X-Mailman-Approved-At: Sat, 10 Sep 2016 01:17:17 +0000
Subject: Re: [bitcoin-dev] Completing the retirement of the alert system
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Sat, 10 Sep 2016 00:54:31 -0000

ACK

libbitcoin defines the message and includes the public key but only for comp=
leteness and reference purposes. It has never been used in the node.

e

> On Sep 9, 2016, at 5:42 PM, Gregory Maxwell via bitcoin-dev <bitcoin-dev@l=
ists.linuxfoundation.org> wrote:
>=20
> The alert system was a centralized facility to allow trusted parties
> to send messages to be displayed in wallet software (and, very early
> on, actually remotely trigger the software to stop transacting).
>=20
> It has been removed completely in Bitcoin Core after being disabled for a w=
hile.
>=20
> While the system had some potential uses, there were a number of
> problems with it.
>=20
> The alert system was a frequent source of misunderstanding about the
> security model and 'effective governance', for example a years ago a
> BitcoinJ developer wanted it to be used to control fee levels on the
> network and few months back one of Bloq's staff was pushing for a
> scheme where "the developers" would use it to remotely change the
> difficulty-- apparently with no idea how abhorrent others would find
> it.
>=20
> The system also had a problem of not being scalable to different
> software vendors-- it didn't really make sense that core would have
> that facility but armory had to do something different (nor would it
> really make sense to constantly have to maintain some list of keys in
> the node software).
>=20
> It also had the problem of being unaccountable. No one can tell which
> of the key holders created a message. This creates a risk of misuse
> with a false origin to attack someone's reputation.
>=20
> Finally, there is good reason to believe that the key has been
> compromised-- It was provided to MTGox by a developer and MTGox's
> systems' were compromised and later their CEO's equipment taken by the
> Japanese police.
>=20
> In any case, it's gone now in Core and most other current software--
> and I think it's time to fully deactivate it.
>=20
> I've spent some time going around the internet looking for all
> software that contains this key (which included a few altcoins) and
> asked them to remove it. I will continue to do that.
>=20
> One of the facilities in the alert system is that you can send a
> maximum sequence alert which cannot be overridden and displays only a
> static key compromise text message and blocks all other alerts. I plan
> to send a triggering alert in the not-distant future (exact time to be
> announced well in advance) feedback on timing would be welcome.
>=20
> There are likely a few production systems that automatically shut down
> when there is an alert, so this risks some small one-time disruption
> of those services-- but none worse than if an alert were sent to
> advise about a new system upgrade.
>=20
> At some point after that, I would then plan to disclose this private
> key in public, eliminating any further potential of reputation attacks
> and diminishing the risk of misunderstanding the key as some special
> trusted source of authority.
>=20
> Cheers,
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev