1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
|
Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191]
helo=mx.sourceforge.net)
by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <gavinandresen@gmail.com>) id 1WGV5A-0000ax-VZ
for bitcoin-development@lists.sourceforge.net;
Thu, 20 Feb 2014 14:58:37 +0000
Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of gmail.com
designates 209.85.213.41 as permitted sender)
client-ip=209.85.213.41; envelope-from=gavinandresen@gmail.com;
helo=mail-yh0-f41.google.com;
Received: from mail-yh0-f41.google.com ([209.85.213.41])
by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1WGV59-0001Xa-Kn
for bitcoin-development@lists.sourceforge.net;
Thu, 20 Feb 2014 14:58:36 +0000
Received: by mail-yh0-f41.google.com with SMTP id f73so747827yha.14
for <bitcoin-development@lists.sourceforge.net>;
Thu, 20 Feb 2014 06:58:30 -0800 (PST)
MIME-Version: 1.0
X-Received: by 10.236.101.18 with SMTP id a18mr3657307yhg.65.1392908310150;
Thu, 20 Feb 2014 06:58:30 -0800 (PST)
Received: by 10.170.133.213 with HTTP; Thu, 20 Feb 2014 06:58:30 -0800 (PST)
In-Reply-To: <CAAS2fgTBxSfpuANP0+J1UM2nWOxQASYFBCQFW1D5L2j3DWRx-A@mail.gmail.com>
References: <CAPg+sBgPG+2AMbEHSRQNFn6FikbRzxkWduj5MSZLz-O6Wh940w@mail.gmail.com>
<CALf2ePwc=es-aDSeJO2DZwu9kyHwq9dcp5TrMAhN-dvYwNjy-w@mail.gmail.com>
<52FBD948.906@monetize.io> <201402122252.31060.luke@dashjr.org>
<CAPWm=eV9YP3wAbCFt1JcSqJ6Jc3kY_546MVk3cHT+X8seC8vRw@mail.gmail.com>
<CAAS2fgSwjGohhiXuwhG3bJ5mLxSS8Dx0Hytmg7PhhRzwnw7FNQ@mail.gmail.com>
<EFA82A3F-2907-4B2B-9FCB-DCA02CA4EC63@mac.com>
<CAPg+sBgnuNygR7_yny1=+wGWmeLcub0A8_ep3U-5ewmQJk71jw@mail.gmail.com>
<601EE159-9022-4ADF-80AC-7E1C39E86A65@mac.com>
<CAPg+sBg9=XK=PGSW8DcU1LR85oeTDmpS4U-vYUXbraZQpU+edg@mail.gmail.com>
<81A62AB7-9EC6-439E-96CF-F064F0151BB9@mac.com>
<CANEZrP26U3BjEi66xjD9SRxrAupGmYC6mKiYYw27BH3q1b1hLQ@mail.gmail.com>
<CAAS2fgSm9o-Xz4i0_wPGPfh_108ttnNPkXtxv5hCj9CsJh=AXQ@mail.gmail.com>
<CABsx9T1R+2rBa1VkaJiS3ktAgoMaBHfkUb3kXxwpHSxjtqNrRw@mail.gmail.com>
<CAAS2fgTBxSfpuANP0+J1UM2nWOxQASYFBCQFW1D5L2j3DWRx-A@mail.gmail.com>
Date: Thu, 20 Feb 2014 09:58:30 -0500
Message-ID: <CABsx9T3bf-f7VhuRMQhvce16mSent5SzUn1ZbwpbnWAvvU6S8Q@mail.gmail.com>
From: Gavin Andresen <gavinandresen@gmail.com>
To: Gregory Maxwell <gmaxwell@gmail.com>
Content-Type: multipart/alternative; boundary=20cf3010ea2508051804f2d7bd17
X-Spam-Score: -0.6 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(gavinandresen[at]gmail.com)
-0.0 SPF_PASS SPF: sender matches SPF record
1.0 HTML_MESSAGE BODY: HTML included in message
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1WGV59-0001Xa-Kn
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] [RFC] [BIP proposal] Dealing with
malleability
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Thu, 20 Feb 2014 14:58:37 -0000
--20cf3010ea2508051804f2d7bd17
Content-Type: text/plain; charset=ISO-8859-1
Great, I'm hearing rough consensus to proceed with Pieter's plan.
RE: far from confident on malleability routes: I'm reasonably confident
that we can squash malleability for IsStandard, SIGHASH_ALL transactions. A
proper proof of DSA signature un-malleability (or an lower bound for how
much work it would be to create a valid doppleganger signature) would be
great, but I don't think it is necessary to proceed.
On Thu, Feb 20, 2014 at 9:36 AM, Gregory Maxwell <gmaxwell@gmail.com> wrote:
> On Thu, Feb 20, 2014 at 6:29 AM, Gavin Andresen <gavinandresen@gmail.com>
> wrote:
> > I think we should get Pieter's proposal done and implemented quickly. I
> > agree with Mike, it doesn't have to take a long time for the core
> network to
> > fully support this.
> >
> > Getting wallets to start generating transaction.version=3 might take
> years,
> > but that is OK.
>
> Sure I'm all for doing what Pieter suggested-- it's basically the plan
> we've been executing for some time already but with the version check
> to make it sane to complete.
>
> My reserved sounding comments were relative to the proposals to do
> things with nversion=1 transactions, frankly I think thats completely
> insane. Though while we're on the subject of reservations, I am far
> from confident that we've uncovered all the possible malleability
> routes-- that list gained a new, never before discussed entry, when
> Pieter was writing it a couple weeks ago. We also have no proof of
> the absence of further algebraic malleability in DSA (though I think
> its somewhat unlikely, a solid proof of it has been somewhat elusive).
>
--
--
Gavin Andresen
--20cf3010ea2508051804f2d7bd17
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">Great, I'm hearing rough consensus to proceed with Pie=
ter's plan.<div><br></div><div>RE: far from confident on malleability r=
outes: I'm reasonably confident that we can squash malleability f=
or IsStandard, SIGHASH_ALL transactions. A proper proof of DSA signature un=
-malleability (or an lower bound for how much work it would be to create a =
valid doppleganger signature) would be great, but I don't think it is n=
ecessary to proceed.</div>
</div><div class=3D"gmail_extra"><br><br><div class=3D"gmail_quote">On Thu,=
Feb 20, 2014 at 9:36 AM, Gregory Maxwell <span dir=3D"ltr"><<a href=3D"=
mailto:gmaxwell@gmail.com" target=3D"_blank">gmaxwell@gmail.com</a>></sp=
an> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex"><div class=3D"HOEnZb"><div class=3D"h5">On T=
hu, Feb 20, 2014 at 6:29 AM, Gavin Andresen <<a href=3D"mailto:gavinandr=
esen@gmail.com">gavinandresen@gmail.com</a>> wrote:<br>
> I think we should get Pieter's proposal done and implemented quick=
ly. I<br>
> agree with Mike, it doesn't have to take a long time for the core =
network to<br>
> fully support this.<br>
><br>
> Getting wallets to start generating transaction.version=3D3 might take=
years,<br>
> but that is OK.<br>
<br>
</div></div>Sure I'm all for doing what Pieter suggested— it'=
s basically the plan<br>
we've been executing for some time already but with the version check<b=
r>
to make it sane to complete.<br>
<br>
My reserved sounding comments were relative to the proposals to do<br>
things with nversion=3D1 transactions, frankly I think thats completely<br>
insane. Though while we're on the subject of reservations, I am far<br>
from confident that we've uncovered all the possible malleability<br>
routes— that list gained a new, never before discussed entry, when<br=
>
Pieter was writing it a couple weeks ago. We also have no proof of<br=
>
the absence of further algebraic malleability in DSA (though I think<br>
its somewhat unlikely, a solid proof of it has been somewhat elusive).<br>
</blockquote></div><br><br clear=3D"all"><div><br></div>-- <br>--<br>Gavin =
Andresen<br>
</div>
--20cf3010ea2508051804f2d7bd17--
|
