1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
|
Return-Path: <hearn@vinumeris.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id 3DF1071F
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 29 Jul 2015 13:41:08 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-io0-f169.google.com (mail-io0-f169.google.com
[209.85.223.169])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id B5F091B3
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 29 Jul 2015 13:41:07 +0000 (UTC)
Received: by iodd187 with SMTP id d187so21516914iod.2
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 29 Jul 2015 06:41:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=vinumeris.com; s=google;
h=mime-version:in-reply-to:references:date:message-id:subject:from:to
:cc:content-type;
bh=Doa9uwOhD7XpSz+v5i/m3LTk+7KMHOYup3m1NV5Ix8o=;
b=LTAu6k/5bcnE3gbSof3CKz3NllQA2jLK2YVYeu4exEgIsRftrQdtvWFHJvqN7j7HMY
D1eO87qV8cokIYqAZf5jycOEINCSXmAV2sA7M0BCur9rwnVEWNBQ7e48VIPKqFwnh4Ne
QzDGv5monZ+vMALwM4WARTSUHB9c9V1B704QE=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20130820;
h=x-gm-message-state:mime-version:in-reply-to:references:date
:message-id:subject:from:to:cc:content-type;
bh=Doa9uwOhD7XpSz+v5i/m3LTk+7KMHOYup3m1NV5Ix8o=;
b=bE/65BkuT1dmTB9qSbgDfWRK9Xh101Yt0+XAKPoYJij/LbeBWl9rUhYobzakHh+BqC
zvgjKVBhTa35JR/3LiJJL2yK+9MeMcLO90iPkPxxjJpYp6RrTFLAVqKRTPBdUQ47WIwH
w8KU+4S6O3YxV9cpXdpYPexMozBdWyaLbc8npgR/myw7XAErD6eEShFVGNrFBi6oB0sY
eAcQR5XB96HYuC1dQEUXNgZBI26QunCW+4PKRBI9U2AbsDppbze36I0HewerIcslXIkW
wtC2Mr1W1BJVEF/Bw14wGIVpQKqMJoPQ42zsk2JpCERTllWnizYeHE++Z0NReQ/ZOn0z
TcGA==
X-Gm-Message-State: ALoCoQndyXAC0Cu55rGyBgoEMMGwWmCA1Bc4VxGGbZ+IU5k+2RyQZptUDDHcg+59w95mjxDKBT9x
MIME-Version: 1.0
X-Received: by 10.107.135.193 with SMTP id r62mr1631389ioi.29.1438177267196;
Wed, 29 Jul 2015 06:41:07 -0700 (PDT)
Received: by 10.50.108.111 with HTTP; Wed, 29 Jul 2015 06:41:07 -0700 (PDT)
In-Reply-To: <55B79146.70309@gmail.com>
References: <55B78F56.3080802@gmail.com>
<55B79146.70309@gmail.com>
Date: Wed, 29 Jul 2015 15:41:07 +0200
Message-ID: <CA+w+GKSNw90FHRKQYvNVNQ=qdCgUL_vAyR8uZ8CJBN3t_A6Zsw@mail.gmail.com>
From: Mike Hearn <hearn@vinumeris.com>
To: Pieter Wuille <pieter.wuille@gmail.com>
Content-Type: multipart/alternative; boundary=001a113eceb222be1e051c03bd89
X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,HTML_MESSAGE,RCVD_IN_DNSWL_LOW autolearn=ham
version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
Cc: Bitcoin Dev <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Disclosure: consensus bug indirectly solved by
BIP66
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Development Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Jul 2015 13:41:08 -0000
--001a113eceb222be1e051c03bd89
Content-Type: text/plain; charset=UTF-8
>
> This solved the vulnerability, and opens the door to using non-OpenSSL
> signature verification in the near future.
Great work!
It also means the remaining usages of OpenSSL can be safely replaced with
something like LibreSSL or (perhaps better) BoringSSL.
--001a113eceb222be1e051c03bd89
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div class=3D"gmail_extra"><div class=3D"gmail_quote"><blo=
ckquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #c=
cc solid;padding-left:1ex">This solved the=C2=A0vulnerability, and opens th=
e door to using non-OpenSSL signature=C2=A0verification in the near future.=
</blockquote><div><br></div><div>Great work!=C2=A0</div><div><br></div><div=
>It also means the remaining usages of OpenSSL can be safely replaced with =
something like LibreSSL or (perhaps better) BoringSSL.</div></div></div></d=
iv>
--001a113eceb222be1e051c03bd89--
|