Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193] helo=mx.sourceforge.net) by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1S2Rhp-0006Pe-Cm for bitcoin-development@lists.sourceforge.net; Tue, 28 Feb 2012 18:23:21 +0000 X-ACL-Warn: Received: from zinan.dashjr.org ([173.242.112.54]) by sog-mx-3.v43.ch3.sourceforge.com with esmtp (Exim 4.76) id 1S2Rhj-0001LV-Oi for bitcoin-development@lists.sourceforge.net; Tue, 28 Feb 2012 18:23:21 +0000 Received: from ishibashi.localnet (fl-184-4-164-217.dhcp.embarqhsd.net [184.4.164.217]) (Authenticated sender: luke-jr) by zinan.dashjr.org (Postfix) with ESMTPSA id 3198B560598; Tue, 28 Feb 2012 18:23:10 +0000 (UTC) From: "Luke-Jr" To: bitcoin-development@lists.sourceforge.net Date: Tue, 28 Feb 2012 13:23:01 -0500 User-Agent: KMail/1.13.7 (Linux/3.2.2-gentoo; KDE/4.7.4; x86_64; ; ) References: In-Reply-To: X-PGP-Key-Fingerprint: CE5A D56A 36CC 69FA E7D2 3558 665F C11D D53E 9583 X-PGP-Key-ID: 665FC11DD53E9583 X-PGP-Keyserver: x-hkp://subkeys.pgp.net MIME-Version: 1.0 Content-Type: Text/Plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Message-Id: <201202281323.02976.luke@dashjr.org> X-Spam-Score: -0.0 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay domain X-Headers-End: 1S2Rhj-0001LV-Oi Subject: Re: [Bitcoin-development] Duplicate transactions vulnerability X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Feb 2012 18:23:21 -0000 On Tuesday, February 28, 2012 11:48:39 AM Pieter Wuille wrote: > A simple way to fix this, is adding an extra protocol rule[1]: > > Do not allow blocks to contain a transaction whose hash is equal to > that of a former transaction which has not yet been completely spent. > > I've written about it in BIP30[2]. There is a patch for the reference > client, which has been tested and verified to make the attack > impossible. Has it been verified to make even rocconor's complicated transaction-based version impossible? > The purpose of this mail is asking for support for adding this rule to > the protocol rules. If there is consensus this rule is the solution, I > hope pools and miners can agree to update their nodes without lengthy > coinbase-flagging procedure that would only delay a solution. So, who > is in favor? Can we do this in two steps? First, prefer blocks which don't break the rule; once 55%+ are confirmed to have upgraded, then it is safe to treat it as a hard rule.