MIME-Version: 1.0
References: <e6da74da025355472a81e613fe7683b9@dtrt.org>
 <CAB3F3Dtfu+kaJ8jgi-qRiZBXvuYaEVEa32q_UPkwA5MLAP9RSg@mail.gmail.com>
 <c9ddddce1ad797671431335fe95cf2b7@dtrt.org>
In-Reply-To: <c9ddddce1ad797671431335fe95cf2b7@dtrt.org>
From: Greg Sanders <gsanders87@gmail.com>
Date: Tue, 31 Jan 2023 19:37:06 -0500
Message-ID: <CAB3F3Dtz7Sq8SCYjFn9yx_92bStJRBy0rLu_o3bHndKG9HwdrA@mail.gmail.com>
To: "David A. Harding" <dave@dtrt.org>
Content-Type: multipart/alternative; boundary="000000000000846e9005f398a69b"
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Reference example bech32m address for future
	segwit versions
Precedence: list

--000000000000846e9005f398a69b
Content-Type: text/plain; charset="UTF-8"

David,

I'm merely speaking in a descriptive sense. I predict that most custodians
are reluctant to whitelist
a witness version they know is insecure.

I'm not sure what's best for not colliding with future versions, I'll let
other wiser folks weigh in.

Cheers,
Greg

On Tue, Jan 31, 2023 at 6:33 PM David A. Harding <dave@dtrt.org> wrote:

> On 2023-01-31 04:30, Greg Sanders wrote:
> > Hi David,
> >
> > From practical experience, I think you'll find that most exchanges
> > will not enable sends to future segwit versions,
> > as from a risk perspective it's likely a mistake to send funds there.
>
> Hi Greg!,
>
> I thought the best practice[1] was that wallets would spend to the
> output indicated by any valid bech32m address.  You seem to implying
> that the best practice is the opposite: that wallets should only send to
> outputs they know can be secured (i.e., which are not currently
> anyone-can-spend).  The more restrictive approach seems kind of sad to
> me since any problem which can result in a user accidentally withdrawing
> to a future segwit version could even more easily result in them
> withdrawing to a witness program for which there is no solution (i.e.,
> no key or script is known to spend).
>
> If it is a best practice, then I think there's a benefit to being able
> to test it even when other people's proprietary software is involved.  A
> wallet or service likely to follow that best practice may be more likely
> to follow other best practices which cannot be as easily tested for.
> But, if it's going to be tested, I want the testing to use the address
> least likely to cause problems for protocol developers in the future.
> Do you (and others on this list) have any reason to believe OP_16
> OP_PUSH2 0000 would be a problematic script, or can you think of a
> better script?
>
> Thanks!,
>
> -Dave
>
> [1] BIP350, emphasis in original: "[...] we emphatically recommend [...]
> ensuring that your implementation supports sending to v1 **and higher
> versions.**"
>

--000000000000846e9005f398a69b
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">David,<div><br></div><div>I&#39;m merely speaking in a des=
criptive sense. I predict that most custodians are reluctant to whitelist</=
div><div>a witness version they know is insecure.</div><div><br></div><div>=
I&#39;m not sure what&#39;s best for not colliding with future versions, I&=
#39;ll let other wiser folks weigh in.</div><div><br></div><div>Cheers,</di=
v><div>Greg</div></div><br><div class=3D"gmail_quote"><div dir=3D"ltr" clas=
s=3D"gmail_attr">On Tue, Jan 31, 2023 at 6:33 PM David A. Harding &lt;<a hr=
ef=3D"mailto:dave@dtrt.org">dave@dtrt.org</a>&gt; wrote:<br></div><blockquo=
te class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px =
solid rgb(204,204,204);padding-left:1ex">On 2023-01-31 04:30, Greg Sanders =
wrote:<br>
&gt; Hi David,<br>
&gt; <br>
&gt; From practical experience, I think you&#39;ll find that most exchanges=
<br>
&gt; will not enable sends to future segwit versions,<br>
&gt; as from a risk perspective it&#39;s likely a mistake to send funds the=
re.<br>
<br>
Hi Greg!,<br>
<br>
I thought the best practice[1] was that wallets would spend to the <br>
output indicated by any valid bech32m address.=C2=A0 You seem to implying <=
br>
that the best practice is the opposite: that wallets should only send to <b=
r>
outputs they know can be secured (i.e., which are not currently <br>
anyone-can-spend).=C2=A0 The more restrictive approach seems kind of sad to=
 <br>
me since any problem which can result in a user accidentally withdrawing <b=
r>
to a future segwit version could even more easily result in them <br>
withdrawing to a witness program for which there is no solution (i.e., <br>
no key or script is known to spend).<br>
<br>
If it is a best practice, then I think there&#39;s a benefit to being able =
<br>
to test it even when other people&#39;s proprietary software is involved.=
=C2=A0 A <br>
wallet or service likely to follow that best practice may be more likely <b=
r>
to follow other best practices which cannot be as easily tested for.=C2=A0 =
<br>
But, if it&#39;s going to be tested, I want the testing to use the address =
<br>
least likely to cause problems for protocol developers in the future.=C2=A0=
 <br>
Do you (and others on this list) have any reason to believe OP_16 <br>
OP_PUSH2 0000 would be a problematic script, or can you think of a <br>
better script?<br>
<br>
Thanks!,<br>
<br>
-Dave<br>
<br>
[1] BIP350, emphasis in original: &quot;[...] we emphatically recommend [..=
.] <br>
ensuring that your implementation supports sending to v1 **and higher <br>
versions.**&quot;<br>
</blockquote></div>

--000000000000846e9005f398a69b--