Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 0E449949 for ; Wed, 24 Aug 2016 23:03:19 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-qk0-f172.google.com (mail-qk0-f172.google.com [209.85.220.172]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 5FBFBAC for ; Wed, 24 Aug 2016 23:03:18 +0000 (UTC) Received: by mail-qk0-f172.google.com with SMTP id z190so30506953qkc.0 for ; Wed, 24 Aug 2016 16:03:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=DZ4+TiKWmgBSvk0cGUuZSlgePvBLbLw6qvoXe9cwkKc=; b=CBbPvhmm5M6OJhq6XUqco8Uyhxdwa/VX1ATEVjk5Zh6iybEkbkwU/HqhRtmJPSqfbJ CfsErZAu5T1nl+d+ZKdowpAAst7ONdBODXsBd9HLaKLwao4gvOfoT3Mu0RgpfzJ47Zg8 EGLpnQau6Ks4wadcNazI4Czf5y6jEBdjqRheYQ63G+m2NTx9lR6BBAsHYSHIJ/q5dD9e AwmGf088gnsVxKhvSHkKdx4BnMmDVazsOVroonpg6tHQDC4j5KKle+Ap0mguBeMSaI/R W47HVjvT5d6WJHr4VvA/dNTCE1mwJ0M0CcdFaiRnqvaL8EZiDZpW2s6E8zqf10U9YwXB HmLg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=DZ4+TiKWmgBSvk0cGUuZSlgePvBLbLw6qvoXe9cwkKc=; b=l1XGykwee1uHiLbQk7Hh3I0DkJWcfKItXU2yIW6ETWK0hrAhlQ9rqyqS0G/QvZcqEE 2EeXEvj4Z0G6ZnSioQNi2OgLPEwBq+0bZu/IljLg0MoHCCLwA+z8T9quG/zaV7VG6Lvb l0fJ6A+87O+25ah013HDUoH3hwDS5gjeWh7MmqZEbsfuXC4zrMMNrFzWuEsEJxVcSU12 qQNr/EUUIRF6rV07nzpOxXWtJqFKwYGHWtoi4JAIXpdoPz3a7pScRBq5LhZRU8VfaLNz OIOgzQvg5diVqeYY1tqmkRA1NG9N25yyiR2GNKiNAmW65XvQBun0AHxakh0bW0xtrFjl OE8w== X-Gm-Message-State: AE9vXwNi46K/dT6Nk6qjVeqQYtjComDYsIXn9nf6/5tDnWi9cImbSC9ZWNkCPSF2cZSH6jWljia6xRi8WMdy4A== X-Received: by 10.233.222.193 with SMTP id s184mr6478922qkf.154.1472079797541; Wed, 24 Aug 2016 16:03:17 -0700 (PDT) MIME-Version: 1.0 Sender: nbvfour@gmail.com Received: by 10.237.55.199 with HTTP; Wed, 24 Aug 2016 16:03:16 -0700 (PDT) In-Reply-To: <20160824192211.GB24668@fedora-21-dvm> References: <20160824014634.GA19905@fedora-21-dvm> <20160824192211.GB24668@fedora-21-dvm> From: Chris Priest Date: Wed, 24 Aug 2016 16:03:16 -0700 X-Google-Sender-Auth: -sWHQaPgK7fVMK7wgze8_zfR0M0 Message-ID: To: Peter Todd , Bitcoin Protocol Discussion Content-Type: text/plain; charset=UTF-8 X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, FREEMAIL_FROM, RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: Re: [bitcoin-dev] Capital Efficient Honeypots w/ "Scorched Earth" Doublespending Protection X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Aug 2016 23:03:19 -0000 How does your system prevent against insider attacks? How do you know the money is stolen by someone who compromised server #4, and not stolen by the person who set up server #4? It is my understanding these days most attacks are inside jobs. On 8/24/16, Peter Todd via bitcoin-dev wrote: > On Thu, Aug 25, 2016 at 01:37:34AM +1000, Matthew Roberts wrote: >> Really nice idea. So its like a smart contract that incentivizes >> publication that a server has been hacked? I also really like how the >> funding has been handled -- with all the coins stored in the same address >> and then each server associated with a unique signature. That way, you >> don't have to split up all the coins among every server and reduce the >> incentive for an attacker yet you can still identify which server was >> hacked. >> >> It would be nice if after the attacker broke into the server that they >> were >> also incentivized to act on the information as soon as possible >> (revealing >> early on when the server was compromised.) I suppose you could split up >> the >> coins into different outputs that could optimally be redeemed by the >> owner >> at different points in the future -- so they're incentivzed to act lest > > Remember that it's _always_ possible for the owner to redeem the coins at > any > time, and there's no way to prevent that. > > The incentive for the intruder to collect the honeypot in a timely manner > is > simple: once they've broken in, the moment the honeypot owner learns about > the > compromise they have every reason to attempt to recover the funds, so the > intruder needs to act as fast as possible to maximize their chances of > being > rewarded. > > -- > https://petertodd.org 'peter'[:-1]@petertodd.org >