Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192] helo=mx.sourceforge.net) by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1SeBSS-0003c0-Id for bitcoin-development@lists.sourceforge.net; Mon, 11 Jun 2012 20:43:28 +0000 Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.216.175 as permitted sender) client-ip=209.85.216.175; envelope-from=gmaxwell@gmail.com; helo=mail-qc0-f175.google.com; Received: from mail-qc0-f175.google.com ([209.85.216.175]) by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1SeBSQ-0005Zj-C4 for bitcoin-development@lists.sourceforge.net; Mon, 11 Jun 2012 20:43:28 +0000 Received: by qcso7 with SMTP id o7so2014866qcs.34 for ; Mon, 11 Jun 2012 13:43:21 -0700 (PDT) MIME-Version: 1.0 Received: by 10.224.188.7 with SMTP id cy7mr15971323qab.34.1339447400730; Mon, 11 Jun 2012 13:43:20 -0700 (PDT) Received: by 10.229.144.205 with HTTP; Mon, 11 Jun 2012 13:43:20 -0700 (PDT) In-Reply-To: References: Date: Mon, 11 Jun 2012 16:43:20 -0400 Message-ID: From: Gregory Maxwell To: Mike Hearn Content-Type: text/plain; charset=UTF-8 X-Spam-Score: -1.5 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (gmaxwell[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 AWL AWL: From: address is in the auto white-list X-Headers-End: 1SeBSQ-0005Zj-C4 Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] Bootstrapping full nodes post-pruning X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Jun 2012 20:43:28 -0000 On Mon, Jun 11, 2012 at 4:36 PM, Mike Hearn wrote: > Unless BDB has some weird behaviour in it, that shouldn't require any HAHAHA. Have you consider doing comedy full time? Actual BDB files are absolutely not deterministic. Nor is the raw blockchain itself currently, because blocks aren't always added in the same order (plus they get orphans in them) But the serious inter-version compatibility problems as well as poor space efficiency make BDB a poor candidate for read only pruned indexes. > Even if a more complex scheme is used whereby commitments are in the > block chain, somebody still has to verify the binaries match the > source. If that isn't true, the software could do anything and you'd > never know. The binaries distributed by bitcoin.org are all already compiled deterministically and validated by multiple independent parties. In the future there will be a downloader tool (e.g. for updates) which will automatically check for N approvals before accepting an update, even for technically unsophisticated users. This will produce a full chain of custody which tracks the actual binaries people fetch to specific source code which can be audited, so substitution attacks will at least in theory always be detectable. Of course, you're left with Ken Thompson's compiler attack but even that can be substantially closed.