Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id DCEF894F for ; Fri, 26 May 2017 08:15:59 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-pf0-f171.google.com (mail-pf0-f171.google.com [209.85.192.171]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 4320212A for ; Fri, 26 May 2017 08:15:59 +0000 (UTC) Received: by mail-pf0-f171.google.com with SMTP id m17so4952887pfg.3 for ; Fri, 26 May 2017 01:15:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=voskuil-org.20150623.gappssmtp.com; s=20150623; h=subject:to:references:cc:from:message-id:date:user-agent :mime-version:in-reply-to:content-transfer-encoding; bh=adymTD5ZU2lJrRnz1C/o+LKI9Ppekh6epoc1jPgqZ9g=; b=FH7oA3xQfhIeifiRVKYevkri/4qgOf3pEyhbxcXZSnhDhIS4VjTbyBX/DY0jkFbtu9 JXpGIOCj4kgl5RnycsRQkvjxpnUForKz3wI1IT25bwZUsX9hb4hgNnAZopBDMt7vwerg 7VyGJc9HjxFvtdUYzJP4defngNh4FAH8LfXpewMRy6qMsumb5vkRo76WXXJY7oRMlEct ohw3GWMqb/xAb0yswZVN75EAUn4v99vMHcKxLGqyOmp88cgAvICBooPWQVcSf6xzuRyq JQMgOThy3R2G9Q2JY8Fic1FA+/4gh+3bu0adV05QLZ0MYPK+UjlvJsM7jsd+QAgxhrJj +zXQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:cc:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=adymTD5ZU2lJrRnz1C/o+LKI9Ppekh6epoc1jPgqZ9g=; b=c7tRyGU+ZccFjFY0yOT4+OB5qQqy09a/bA8BKcHTuGc9vR+nm2wkCdGgS50pVgnD9B XFFk3OS4QsxTz7F95tPmbnZK17iOYCSKB8u4mOLKMtAuhG2dYcTEL13WYvAwPBgxaoeL L/dJZhO5FxV5q88B4BSUXZ7mA9QUvmU4tZ9oNq/fwD1E0Bkp00xAFVDEMnbnCohwwo5l 0p+hpaX68jU30HK7COO0CZwua/AlSc3PZMleVJo7N7+6jOYG9mpidVlc3EO7KCE8V0XU 8eswR/bHS/0vHR1OmtSzBsxG2xPmOlykblTIQ3Jv9k60cVlTllkQjsuacrUhlpfKhERp h6nQ== X-Gm-Message-State: AODbwcDMrfNcYaQKS59YrDrV+FHFDAEl0SGKEKWrEz9JYJVl2veMJEM3 iQdWCzS6kfE5C/YV X-Received: by 10.84.216.10 with SMTP id m10mr55554989pli.4.1495786558232; Fri, 26 May 2017 01:15:58 -0700 (PDT) Received: from ?IPv6:2601:600:a080:16bb:7d26:ac61:e7ed:4ce? ([2601:600:a080:16bb:7d26:ac61:e7ed:4ce]) by smtp.gmail.com with ESMTPSA id o29sm303887pgc.27.2017.05.26.01.15.57 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 26 May 2017 01:15:57 -0700 (PDT) To: Cameron Garnham , "Andreas M. Antonopoulos" References: <2E6BB6FA-65FF-497F-8AEA-4CC8655BAE69@gmail.com> From: Eric Voskuil X-Enigmail-Draft-Status: N1110 Message-ID: Date: Fri, 26 May 2017 01:15:56 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.5.1 MIME-Version: 1.0 In-Reply-To: <2E6BB6FA-65FF-497F-8AEA-4CC8655BAE69@gmail.com> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-1.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, RCVD_IN_DNSWL_NONE, RCVD_IN_SORBS_SPAM autolearn=no version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Fri, 26 May 2017 13:59:31 +0000 Cc: Bitcoin Protocol Discussion Subject: Re: [bitcoin-dev] Emergency Deployment of SegWit as a partial mitigation of CVE-2017-9230 X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 May 2017 08:16:00 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi Cameron, Presumably the "very serious security vulnerability" posed is one of increased centralization of hash power. Would this danger exist without the patent risk? e On 05/26/2017 01:02 AM, Cameron Garnham via bitcoin-dev wrote: > Thank you for your reply Andreas, > > I can assure you that I have many motivations for activating > SegWit. > > Before studding ASICBOOST I wanted to activate SegWit as it is a wonderful upgrade for Bitcoin. It seems to me that virtually the entire Bitcoin Ecosystem agrees with me. Except for around 67% of the mining hash-rate who very conspicuously refuse to signal for it’s activation. > > So, I started searching for the motivations of such a large amount of the mining hash-rate holding a position that isn’t at-all represented in the wider Bitcoin Community. My study of ASICBOOST lead to a ‘bingo’ moment: If one assumes that the 67% of the hash rate that refuse to signal for SegWit are using ASICBOOST. The entire picture of this political stalemate became much more understandable. > > This only strengthened my resolve to activate SegWit: not only is SegWit great, it partially mitigates a very serious security vulnerability. > > This is why I call into question why you would suggest: > > “This proposal is unnecessarily conflating two contentious issues and will attract criticism of self serving motivation.” > > 1. I am not conflating the issues. I would argue that very fact that SegWit has not been activated yet is directly because of CVE-2017-9230. > 2. I have no reason to believe that SegWit is contentious, except for the attackers who it would frustrate. > 3. I have no negative responses to my endeavours to get ASICBOOST > as regarded as a legitimate security vulnerability. This would suggest that it is not contentious in the wider technical community. > > If SegWit is NOT contentious within the technical community and it is NOT contentious to regard CVE-2017-9230 as a credible security vulnerability. Then using it as partial security fix for a security vulnerability SHOULD NOT be contentious. > > If you believe that SegWit is contentious within the technical community. Or you believe CVE-2017-9230 should not be regarded as a credible security vulnerability. Then I would logically agree with you that we should separate the issues so that we may gain consensus. However, I just don’t see this as the case. > > Cameron. > > >> On 26 May 2017, at 09:52 , Andreas M. Antonopoulos wrote: >> >> I rarely post here, out of respect to the mailing list. But >> since my name was mentioned... >> >> I much prefer Gregory Maxwell's proposal to defuse covert >> ASICBOOST (only) with a segwit-like commitment to the coinbase which does not obligate miners to signal Segwit or implement Segwit, thus disarming any suspicion that the issue is being exploited only to activate Segwit. >> >> This proposal is unnecessarily conflating two contentious issues and will attract criticism of self serving motivation. >> >> Politicising CVE is damaging to the long term bitcoin >> development and to its security. Not claiming that is the intent here, but the damage is done by the mere appearance of motive. >> >> >> >> On May 26, 2017 16:30, "Cameron Garnham via bitcoin-dev" wrote: >> Hello Bitcoin-Dev, >> >> CVE-2017-9230 (1) (2), or commonly known as ‘ASICBOOST’ is a >> severe (3) (4) and actively exploited (5) security vulnerability. >> >> To learn more about this vulnerability please read Jeremy >> Rubin’s detailed report: >> http://www.mit.edu/~jlrubin//public/pdfs/Asicboost.pdf >> >> Andreas Antonopoulos has an excellent presentation on why >> asicboost is dangerous: >> https://www.youtube.com/watch?v=t6jJDD2Aj8k >> >> In decisions on the #bitcoin-core-dev IRC channel; It was >> proposed, without negative feedback, that SegWit be used as a partial-mitigation of CVE-2017-9230. >> >> SegWit partially mitigates asicboost with the common reasonable assumption that any block that doesn’t include a witness commit in it's coinbase transaction was mined using covert asicboost. Making the use of covert asicboost far more conspicuous. >> >> It was also proposed that this partial mitigation should be >> quickly strengthened via another soft-fork that makes the inclusion of witness commits mandatory, without negative feedback. >> >> The security trade-offs of deploying a partial-mitigation to CVE-2017-9230 quickly vs more slowly but more conservatively is under intense debate. The author of this post has a strong preference to the swiftest viable option. >> >> Cameron. >> >> >> (1) CVE Entry: >> https://cve.mitre.org/cgi-bin/cvename.cgi?name=+CVE-2017-9230 >> >> (2) Announcement of CVE to Mailing List: >> https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014416. html >> >> (3) Discussion of the perverse incentives created by 'ASICBOOST' >> by Ryan Grant: >> https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014352. html >> >> (4) Discussion of ASICBOOST's non-independent PoW calculation by Tier Nolan: >> https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014351. html >> >> (5) Evidence of Active Exploit by Gregory Maxwell: >> https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-April/01399 6.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQEcBAEBCAAGBQJZJ+Q1AAoJEDzYwH8LXOFOqakH/R1YCifIGjV07vnnsxeC/77x d6w5tBmtEd5MLzrX/6VtMoI8UzgLEcDM1WfFox3jDVz/HurkTVorliyJrr14BVsc rL2nTbfychYh1rAdTIsNwFt15Wgjcp/5eAq7Lw5TM5OJ3YbPn2zWJY19QmjEAJ+M kGz26R+IJL1095yed5RN2JoN8O9x+HVdtIjaHJJRJzLsy+3g22zMWgN1nZN0olhX mFQJZbvS0gQyiRGJmNku3zP5Qg2cFzWt+VBtFrzNu1QTTkbK2e1owHOmpgfygTD3 g3F4VoDfyA7pBnpMMMjjTaCaG34Am3CvYu8iYnZXy85s2ZjC+XeKgqMkBLj4+q8= =A3ne -----END PGP SIGNATURE-----