summaryrefslogtreecommitdiff
path: root/ed/47c4e16a3757470b9a71637cb801fd11d82f24
blob: 5219a7e13fb11f7627f163c5e842c13bedb8217d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
Return-Path: <hearn@vinumeris.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id 3DF1071F
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Wed, 29 Jul 2015 13:41:08 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-io0-f169.google.com (mail-io0-f169.google.com
	[209.85.223.169])
	by smtp1.linuxfoundation.org (Postfix) with ESMTPS id B5F091B3
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Wed, 29 Jul 2015 13:41:07 +0000 (UTC)
Received: by iodd187 with SMTP id d187so21516914iod.2
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Wed, 29 Jul 2015 06:41:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=vinumeris.com; s=google;
	h=mime-version:in-reply-to:references:date:message-id:subject:from:to
	:cc:content-type;
	bh=Doa9uwOhD7XpSz+v5i/m3LTk+7KMHOYup3m1NV5Ix8o=;
	b=LTAu6k/5bcnE3gbSof3CKz3NllQA2jLK2YVYeu4exEgIsRftrQdtvWFHJvqN7j7HMY
	D1eO87qV8cokIYqAZf5jycOEINCSXmAV2sA7M0BCur9rwnVEWNBQ7e48VIPKqFwnh4Ne
	QzDGv5monZ+vMALwM4WARTSUHB9c9V1B704QE=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:mime-version:in-reply-to:references:date
	:message-id:subject:from:to:cc:content-type;
	bh=Doa9uwOhD7XpSz+v5i/m3LTk+7KMHOYup3m1NV5Ix8o=;
	b=bE/65BkuT1dmTB9qSbgDfWRK9Xh101Yt0+XAKPoYJij/LbeBWl9rUhYobzakHh+BqC
	zvgjKVBhTa35JR/3LiJJL2yK+9MeMcLO90iPkPxxjJpYp6RrTFLAVqKRTPBdUQ47WIwH
	w8KU+4S6O3YxV9cpXdpYPexMozBdWyaLbc8npgR/myw7XAErD6eEShFVGNrFBi6oB0sY
	eAcQR5XB96HYuC1dQEUXNgZBI26QunCW+4PKRBI9U2AbsDppbze36I0HewerIcslXIkW
	wtC2Mr1W1BJVEF/Bw14wGIVpQKqMJoPQ42zsk2JpCERTllWnizYeHE++Z0NReQ/ZOn0z
	TcGA==
X-Gm-Message-State: ALoCoQndyXAC0Cu55rGyBgoEMMGwWmCA1Bc4VxGGbZ+IU5k+2RyQZptUDDHcg+59w95mjxDKBT9x
MIME-Version: 1.0
X-Received: by 10.107.135.193 with SMTP id r62mr1631389ioi.29.1438177267196;
	Wed, 29 Jul 2015 06:41:07 -0700 (PDT)
Received: by 10.50.108.111 with HTTP; Wed, 29 Jul 2015 06:41:07 -0700 (PDT)
In-Reply-To: <55B79146.70309@gmail.com>
References: <55B78F56.3080802@gmail.com>
	<55B79146.70309@gmail.com>
Date: Wed, 29 Jul 2015 15:41:07 +0200
Message-ID: <CA+w+GKSNw90FHRKQYvNVNQ=qdCgUL_vAyR8uZ8CJBN3t_A6Zsw@mail.gmail.com>
From: Mike Hearn <hearn@vinumeris.com>
To: Pieter Wuille <pieter.wuille@gmail.com>
Content-Type: multipart/alternative; boundary=001a113eceb222be1e051c03bd89
X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,HTML_MESSAGE,RCVD_IN_DNSWL_LOW autolearn=ham
	version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
Cc: Bitcoin Dev <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Disclosure: consensus bug indirectly solved by
	BIP66
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Development Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Jul 2015 13:41:08 -0000

--001a113eceb222be1e051c03bd89
Content-Type: text/plain; charset=UTF-8

>
> This solved the vulnerability, and opens the door to using non-OpenSSL
> signature verification in the near future.


Great work!

It also means the remaining usages of OpenSSL can be safely replaced with
something like LibreSSL or (perhaps better) BoringSSL.

--001a113eceb222be1e051c03bd89
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div class=3D"gmail_extra"><div class=3D"gmail_quote"><blo=
ckquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #c=
cc solid;padding-left:1ex">This solved the=C2=A0vulnerability, and opens th=
e door to using non-OpenSSL signature=C2=A0verification in the near future.=
</blockquote><div><br></div><div>Great work!=C2=A0</div><div><br></div><div=
>It also means the remaining usages of OpenSSL can be safely replaced with =
something like LibreSSL or (perhaps better) BoringSSL.</div></div></div></d=
iv>

--001a113eceb222be1e051c03bd89--