Date: Tue, 29 Sep 2015 11:59:05 -0400
From: jl2012@xbt.hk
To: "Jonathan Toomim (Toomim Bros)"
Cc: Bitcoin Dev
Subject: Re: [bitcoin-dev] Let's deploy BIP65 CHECKLOCKTIMEVERIFY!

Jonathan Toomim (Toomim Bros) via bitcoin-dev wrote on 2015-09-29 09:30:
> SPV clients will appear to behave normally, and
> will continue to show new transactions and get confirmations in a
> timely fashion. However, they will be systematically susceptible to
> attack from double-spends that attempt to spend funds in a way that
> the upgraded nodes will reject. These transactions will appear to get
> 1 confirmation, then regress to zero conf, every single time. These
> attacks can be performed for as long as someone mines with the old
> version.

1. Who told you to accept 1-confirmation tx? Satoshi recommended 6
confirmations in the whitepaper. Take your own risk if you do not follow
his advice.

2. This is true only if your SPV client naively follows the longest
chain without even looking at the block version. This might be good
enough for the 1st generation SPV client, but future generations should
at least have a basic fraud-detecting mechanism.

> If an attacker thinks he could get more than 25 BTC of
> double-spends per block, he might even choose to mine with the
> obsolete version in order to get predictable orphans and to trick SPV
> clients and fully verifying wallets on the old version.

This point is totally irrelevant. No matter whether there is a softfork
or not, SPV users are always vulnerable to such double-spending attacks
if they blindly follow the longest chain AND accept 1-confirmation. The
fiat currency system might be safer for them.
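
Added example, not part of the original message or of any wallet's code: a sketch of the block-version check point 2 refers to, for an SPV client that only holds 80-byte headers. The version number 4 and the 950-of-1000 threshold are taken from the BIP65 deployment rules, not from this thread; the function names and the sample headers are hypothetical and constructed for the example.

```python
import struct

BIP65_VERSION = 4        # block nVersion that signals BIP65 (per the BIP65 spec)
WINDOW = 1000            # look-back window of the supermajority rule
REJECT_THRESHOLD = 950   # upgraded nodes reject old-version blocks from here on


def header_version(header: bytes) -> int:
    """Return nVersion, the first 4 bytes (little-endian) of a block header."""
    if len(header) != 80:
        raise ValueError("block header must be exactly 80 bytes")
    return struct.unpack_from("<i", header, 0)[0]


def classify_tip(prev_headers, tip):
    """Classify a new tip given the headers that precede it (oldest first).

    Returns 'insufficient-history', 'suspect-old-version' or 'ok'.
    A suspect tip is one that upgraded full nodes would reject because a
    supermajority of the preceding window already signals BIP65, so any
    confirmation it provides should not be shown to the user as final.
    Proof-of-work and chain linkage are assumed to be checked elsewhere.
    """
    recent = prev_headers[-WINDOW:]
    if len(recent) < WINDOW:
        return "insufficient-history"
    upgraded = sum(1 for h in recent if header_version(h) >= BIP65_VERSION)
    if upgraded >= REJECT_THRESHOLD and header_version(tip) < BIP65_VERSION:
        return "suspect-old-version"
    return "ok"


def make_header(version: int) -> bytes:
    """Constructed sample header: only the version field is meaningful."""
    return struct.pack("<i", version) + bytes(76)


if __name__ == "__main__":
    # Constructed history: 40 old-version blocks, then 960 signalling BIP65.
    history = [make_header(3)] * 40 + [make_header(4)] * 960
    for v in (3, 4):
        print("tip version", v, "->", classify_tip(history, make_header(v)))
```

A client using such a check would withhold the confirmation count for a transaction whose only confirming block is classified as suspect, rather than displaying 1 confirmation that later regresses to zero.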