Return-Path: <kanzure@gmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id ABDA5900
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Tue, 12 Sep 2017 05:18:16 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-io0-f177.google.com (mail-io0-f177.google.com
	[209.85.223.177])
	by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 1A7FAE0
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Tue, 12 Sep 2017 05:18:16 +0000 (UTC)
Received: by mail-io0-f177.google.com with SMTP id d16so39783409ioj.3
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Mon, 11 Sep 2017 22:18:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
	h=mime-version:in-reply-to:references:from:date:message-id:subject:to; 
	bh=3yj9tNzhlRLWvohG5tKAPbkGAwP9dpqJamuEEWPRkcs=;
	b=T4gMU2SN/f/TsiZuenWAzGUOX2HgzGnS+mKW+QilIWP360VmEWHyGQlkZF0wJfN1I2
	aGrXO2nAYiI8DGKjxsjwwG/f5Z6wKgR+GZz66Ft+Cy6R/asYSMmKdiAkfK7koXPOvG6E
	upt0T+bIe7Epay6w+ZWlqdOC2GxoJY1mkRqbCaY8aFq8jYVVkWdfRLA/HPM7HW3J903i
	iQHQ4/DiKspXp4+K5NQdxkF96EwwLXoUg2T+FLB/feNDGIvcM3SO03S4/H99y8qXNvuj
	CDB7lO1UrCHe9UPO/IVlFSUIEVzbNYHKEK03G8clYSUqKYb/18giPr/QsL4dx/eCXy+g
	zGlg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:mime-version:in-reply-to:references:from:date
	:message-id:subject:to;
	bh=3yj9tNzhlRLWvohG5tKAPbkGAwP9dpqJamuEEWPRkcs=;
	b=FufK8/i4mXjJLNMIDLjb2pk23L9i1v9qG1JfX7++Ws75n2SdAl4FaC/vfrY45t80HJ
	6JagcoUtOG8rsaHQvYJYp5ulFHnu7jmEdFxonYuyzaJwWZbGiu9dEJBsB/E54aZKf0bD
	aftCW2P+Y2pz3p1HmXptuEJ7MZftLGci3MnKAsR82BRWOcPhrt4Momac274V0afucIXJ
	/Sq7QP73dwjj0KFU+QZg99pYkh3lZj3A3abK5T5a4GVK9ztTR/wsrpT+2LzvELHC6DF1
	AqsgptbwlTIB9LSpKgWw6fnt409hdNwOs6OhCiERMTax8Dd9jNn68+jFZwS6t88AvSAh
	6KEg==
X-Gm-Message-State: AHPjjUihQUWWH5jgE0uspUY6B1+rkM187h5CFu6qCWpHV4zxMCzN0+rl
	dHjynY1IY3/SOT8xOXJPTcVD3OlqgQ==
X-Google-Smtp-Source: AOwi7QC+/cSHp0pCZ1vzzk3LGcvrBSCUSpzDiO5YPTSOR5PAHDObdwwjmnH/vos/0GBnoHQIoPEcby5O7BwdgIF7g+c=
X-Received: by 10.202.207.81 with SMTP id f78mr14448806oig.162.1505193495369; 
	Mon, 11 Sep 2017 22:18:15 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.157.17.197 with HTTP; Mon, 11 Sep 2017 22:18:14 -0700 (PDT)
In-Reply-To: <20170912033703.GD19080@erisian.com.au>
References: <3e4541f3-f65c-5199-5e85-9a65ea5142e7@bitcartel.com>
	<cb968a34-f8d2-ab61-dd15-9bd282afd18c@mattcorallo.com>
	<20170911021506.GA19080@erisian.com.au>
	<CAPWm=eVCh2FYp=SpOcZFLqz1ZCq3=Z_F9Sj+EAXFvqU-8aMuTg@mail.gmail.com>
	<20170912033703.GD19080@erisian.com.au>
From: Bryan Bishop <kanzure@gmail.com>
Date: Tue, 12 Sep 2017 00:18:14 -0500
Message-ID: <CABaSBawaN8GTES96yZBKa574A0TiDAHvukipYH9MGk0Euev6PA@mail.gmail.com>
To: Anthony Towns <aj@erisian.com.au>, 
	Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>,
	Bryan Bishop <kanzure@gmail.com>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=0.4 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,RCVD_IN_SORBS_SPAM
	autolearn=disabled version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
Subject: Re: [bitcoin-dev] Responsible disclosure of bugs
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Sep 2017 05:18:16 -0000

On Mon, Sep 11, 2017 at 10:37 PM, Anthony Towns via bitcoin-dev
<bitcoin-dev@lists.linuxfoundation.org> wrote:
> All of those things seem like they'd help not just altcoins but bitcoin
> investors/traders too, so it's not even a trade-off between classes of
> bitcoin core users.  And if in the end various altcoins aren't able to
> keep up with security fixes, that's probably valuable information to
> provide to the market...

I have a reply to your point, but I want to clarify first that I am
not trying to provide any sort of criticism of your character, and to
any extent that my text is misinterpreted that way, that's entirely my
fault here. Anyway, here goes.

It's not enough to defend bitcoin and its users from active threats;
there is a more general responsibility to defend all kinds of users
and different software from many kinds of threats in whatever forms,
even if folks are using stupid and insecure software that you
personally don't maintain or contribute to or advocate for. Handling
knowledge of a vulnerability is a delicate matter and you might be
receiving knowledge with more serious direct or indirect impact than
originally described.

Besides the moral and ethical reasons to not unduly accelerate the
exploitation of a vulnerability, there is also a reputational
standpoint to consider, in that your position that your own (security)
work is credible is actually harmed by showing negative care for other
works by being first to publish either insecure software or knowledge
of a vulnerability. And sometimes the opposite is true: by not
disclosing knowledge of how a design is broken to someone inviting its
review, you're showing negative care in that way too, such as by
unintentionally encouraging the implementation of really bad ideas or
entirely novel misunderstandings of what you once thought were clear
concepts. So there is a difficult path to walk and especially in
security not all may be as it seems; caution is highly recommended.

Yes, it would be good for "the market" to "get the signal" that
altcoins are insecure, and that some altcoin vendors are literally and
actively malicious entities, but I think everyone needs to take a step
back here and very carefully consider the color of their hats,
including those who advocate in the name of insecure downstream/forked
software.

The downside of the approach I've advocated for is that it requires
knowledge, thinking and outsmarting the red teams; I am certainly
aware of the allure of the approaches that involve absolutist
statements like "anything weak [including bitcoin if it does have
weaknesses] deserves to die and be actively exploited" but it's not
something I am interested in espousing... nor do I think it would be
healthy for this community to internalize that perspective. Instead we
should continue to work on highly defensible software, and keep
vigilant in regards to security. In "the [civilized] garden" I would
expect there to be a general understanding that people collaborate and
work together to build highly defensible evolving systems even if
there exists knowledge of vulnerabilities. But we shouldn't be
surprised when we don't go out of our way to contribute to
alternative/parasitic systems... and we shouldn't be encouraging each
other to actively bring about the eschaton by way of mishandling
knowledge of vulnerabilities...

I know these issues are difficult to get a handle on. Hopefully I've
provided some useful perspective.

- Bryan
http://heybryan.org/
1 512 203 0507