Message-ID: <55D426A4.3070006@riseup.net>
Date: Tue, 18 Aug 2015 23:48:04 -0700
From: odinn
To: Bitcoin development mailing list
Subject: [bitcoin-dev] Ensuring Users have Safe Software and Version

Recently I was re-reading the following (which has been edited periodically):

https://bitcoin.org/en/alerts

It currently reads, "There is no ongoing event on the Bitcoin network."

However, in reading the most recent alert on that page, we are (it seems) still affected by the issues discussed relative to the 4th of July event, namely:

https://bitcoin.org/en/alert/2015-07-04-spv-mining

This originally was formulated in alerts via discussion on the bitcoin.org repository, here:

https://github.com/bitcoin-dot-org/bitcoin.org/pull/933

So anyway. Getting back to this, how do I ensure that I have a safe version? Thus far I am still using the guidance here from the bitcoin.org alert shown above. For example, for Electrum, bitcoin.org not only directs users to wait 30 confirmations more than usual, but also directs users to the following resource:

https://en.bitcoin.it/w/index.php?title=July_2015_chain_forks&redirect=no

This brings me to the "safe software and version." If we understand this correctly, the safe software and version will be Bitcoin Core at its most current version. Thus it is vitally important to provide a way to ensure that users are not inadvertently misled into connecting to an XT node. However, the information (about the software and version, in banner) is provided voluntarily by the server administrators and thus isn't validated. How to make sure that you are actually connecting to one who is running Core with the proper version (and not Core with some very old version, or XT)?

On the bitcoin wiki, it states in part, "During a fork, it is possible to use the Get Block Header custom plugin[3] to authoritatively determine which side of the fork an Electrum server is on."

It refers to this:

https://bitcointalk.org/index.php?topic=1110912.msg11800126

Depending on what wallet people are using, that is, Core, any of the other wallets... hardware, desktop, web, mobile... there would be different ways to determine what software is being used to make sure that you are using Core in the current version (and not inadvertently using XT for example). The question is, how would this be done most easily?

Thanks in advance for your answer(s).

-- 
http://abis.io ~ "a protocol concept to enable decentralization and expansion of a giving economy, and a new social good"
https://keybase.io/odinn
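
Added example, not part of the original message and not code from Electrum or the plugin it mentions: one way to act on the point that a server banner is self-reported is to ignore it and compare the block header the server returns at a given height with the hash your own trusted node reports for that height. The header field names and the `audit` helper are assumptions for illustration; the check shows which chain a server follows, not which software it runs.

```python
import hashlib
import struct

def header_hash(h):
    """Serialize the six header fields (80 bytes) and return the block hash (hex)."""
    raw = (struct.pack("<I", h["version"])
           + bytes.fromhex(h["prev_block_hash"])[::-1]
           + bytes.fromhex(h["merkle_root"])[::-1]
           + struct.pack("<III", h["timestamp"], h["bits"], h["nonce"]))
    if len(raw) != 80:
        raise ValueError("malformed header")
    return hashlib.sha256(hashlib.sha256(raw).digest()).digest()[::-1].hex()

def meets_target(block_hash, bits):
    """Proof-of-work check: the hash must not exceed the target encoded in 'bits'."""
    exponent, mantissa = bits >> 24, bits & 0x007FFFFF
    shift = 8 * (exponent - 3)
    target = mantissa << shift if shift >= 0 else mantissa >> -shift
    return int(block_hash, 16) <= target

def same_chain(server_header, trusted_hash):
    """True only if the server's header hashes to the block our own node has at that height."""
    h = header_hash(server_header)
    return h == trusted_hash and meets_target(h, server_header["bits"])

# Bitcoin genesis block (height 0), standing in for "the hash my own node reports".
TRUSTED_HASH = "000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f"
SERVER_A = {  # field names are assumed, modelled on a header returned as a dict
    "version": 1,
    "prev_block_hash": "00" * 32,
    "merkle_root": "4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b",
    "timestamp": 1231006505,
    "bits": 0x1D00FFFF,
    "nonce": 2083236893,
}
# Constructed sample: a server answering with a different header at the same height.
SERVER_B = dict(SERVER_A, nonce=SERVER_A["nonce"] + 1)

def audit(servers, trusted_hash):
    """Map each server name to whether its header matches the trusted chain."""
    return {name: same_chain(hdr, trusted_hash) for name, hdr in servers.items()}

if __name__ == "__main__":
    print(audit({"server-a": SERVER_A, "server-b": SERVER_B}, TRUSTED_HASH))
```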