MIME-Version: 1.0
In-Reply-To: <201510210846.43988.luke@dashjr.org>
References: <CALxbBHU+kdEAh_4+B663vknAAr8OKZpUzVTACORPZi47E=Ehkw@mail.gmail.com>
	<201510210839.42420.luke@dashjr.org>
	<CALxbBHWOp9Q67bqSd4h=2+28PT_2stWzMBQ=nSvxPqKocx_xtQ@mail.gmail.com>
	<201510210846.43988.luke@dashjr.org>
Date: Wed, 21 Oct 2015 11:22:25 -0700
Message-ID: <CAJN5wHXSbZPuXN7PQRyOgOMuk2Ogooiww3hW93uNipQJnfkeOg@mail.gmail.com>
From: Danny Thorpe <danny.thorpe@gmail.com>
To: Luke Dashjr <luke@dashjr.org>
Content-Type: multipart/alternative; boundary=001a113ac2aed85f300522a17595
Cc: Bitcoin Dev <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] [BIP] Normalized transaction IDs
Precedence: list

--001a113ac2aed85f300522a17595
Content-Type: text/plain; charset=UTF-8

A signer modifying the order of inputs or changing outputs when
"re-signing" a transaction (which already has dependent child transactions
spending its outputs) seems like quite a different hazard than a malicious
third party modifying a transaction in the mempool by twiddling opcodes in
the signature scripts.  The former seems like more a matter of keeping your
own house in order (an internal affair) while the latter is an external
threat beyond the transaction writer's control.

While I agree that having a canonical ordering for inputs and outputs might
be useful in some cases, there are also use cases where the relative
positions of inputs and outputs are significant, where reordering would
change the semantics of the transaction.  SIGHASH_SINGLE, for example,
makes an association between an input index and an output index. Open Asset
colored coins are identified by the order of inputs and outputs.

Let's keep canonical ordering separate from the normalized transaction ID
proposal. Baby steps. Normalized transaction IDs provide an immediate
benefit against the hazard of third party manipulation of transactions in
the mempool, even without canonical ordering.

-Danny


On Wed, Oct 21, 2015 at 1:46 AM, Luke Dashjr via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:

> On Wednesday, October 21, 2015 8:44:53 AM Christian Decker wrote:
> > Hm, that is true as long as the signer is the only signer of the
> > transaction, otherwise he'd be invalidating the signatures of the other
> > signers.
>
> Or he can just have the other signers re-sign with the modified version.
> Even if it only worked with a single signer, it's still a form of
> malleability
> that your BIP does not presently solve, but would be desirable to solve...
>
> Luke
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>

--001a113ac2aed85f300522a17595
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">A signer modifying the order of inputs or changing outputs=
 when &quot;re-signing&quot; a transaction (which already has dependent chi=
ld transactions spending its outputs) seems like quite a different hazard t=
han a malicious third party modifying a transaction in the mempool by twidd=
ling opcodes in the signature scripts.=C2=A0 The former seems like more a m=
atter of keeping your own house in order (an internal affair) while the lat=
ter is an external threat beyond the transaction writer&#39;s control.<div>=
<br></div><div>While I agree that having a canonical ordering for inputs an=
d outputs might be useful in some cases, there are also use cases where the=
 relative positions of inputs and outputs are significant, where reordering=
 would change the semantics of the transaction.=C2=A0 SIGHASH_SINGLE, for e=
xample, makes an association between an input index and an output index. Op=
en Asset colored coins are identified by the order of inputs and outputs.</=
div><div><br></div><div>Let&#39;s keep canonical ordering separate from the=
 normalized transaction ID proposal. Baby steps. Normalized transaction IDs=
 provide an immediate benefit against the hazard of third party manipulatio=
n of transactions in the mempool, even without canonical ordering. =C2=A0</=
div><div><br></div><div>-Danny</div><div><br></div><div><br><div><br></div>=
<div><br></div></div></div><div class=3D"gmail_extra"><br><div class=3D"gma=
il_quote">On Wed, Oct 21, 2015 at 1:46 AM, Luke Dashjr via bitcoin-dev <spa=
n dir=3D"ltr">&lt;<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" =
target=3D"_blank">bitcoin-dev@lists.linuxfoundation.org</a>&gt;</span> wrot=
e:<br><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-l=
eft:1px #ccc solid;padding-left:1ex"><span class=3D"">On Wednesday, October=
 21, 2015 8:44:53 AM Christian Decker wrote:<br>
&gt; Hm, that is true as long as the signer is the only signer of the<br>
&gt; transaction, otherwise he&#39;d be invalidating the signatures of the =
other<br>
&gt; signers.<br>
<br>
</span>Or he can just have the other signers re-sign with the modified vers=
ion.<br>
Even if it only worked with a single signer, it&#39;s still a form of malle=
ability<br>
that your BIP does not presently solve, but would be desirable to solve...<=
br>
<div class=3D"HOEnZb"><div class=3D"h5"><br>
Luke<br>
_______________________________________________<br>
bitcoin-dev mailing list<br>
<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org">bitcoin-dev@lists.=
linuxfoundation.org</a><br>
<a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" =
rel=3D"noreferrer" target=3D"_blank">https://lists.linuxfoundation.org/mail=
man/listinfo/bitcoin-dev</a><br>
</div></div></blockquote></div><br></div>

--001a113ac2aed85f300522a17595--