1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
|
Delivery-date: Thu, 28 Mar 2024 11:50:58 -0700
Received: from mail-oi1-f187.google.com ([209.85.167.187])
by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
(Exim 4.94.2)
(envelope-from <bitcoindev+bncBC3PT7FYWAMRBCXYS2YAMGQEGXDHAPY@googlegroups.com>)
id 1rpuq2-0007Ek-1o
for bitcoindev@gnusha.org; Thu, 28 Mar 2024 11:50:58 -0700
Received: by mail-oi1-f187.google.com with SMTP id 5614622812f47-3c3c73e89fdsf1240203b6e.0
for <bitcoindev@gnusha.org>; Thu, 28 Mar 2024 11:50:57 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1711651852; cv=pass;
d=google.com; s=arc-20160816;
b=tkEIPudLbS3hUCyk+ARK0VZnhwOMVTqXLw0QOZ8VIWNo3hWDv8fKLv1oQ1buVpN6r/
4b4oUWJqu+cVR4N87muLY0Qr2z6iklqWxKTmAKWZPGPVujwWDTQVHFPxjKMHv29TCH0N
r511+nq4iuf8c860yv3sTSbu2LiKK9W9ahXVuNebJiZ84daXIReMlRfehITLNgM3+JT3
pWlUn1F+RW8p5sIv8AHq75LsdcTKAM0ebkYApP2bfcVxOZELgv4tVom2L/++72jXH6X7
0CG5SBtVwGDkQv45Dm5qHSJoj/pylDVIuZysmgD0Y3CrWqrM6rSHpNtwYxmOi8W0iTUO
2EfQ==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:cc:to:subject:message-id:date:from
:in-reply-to:references:mime-version:sender:dkim-signature
:dkim-signature;
bh=sVG/JjB9vK+fGaCdNlfbQkos1UAObbjYz9ISFiSl6D4=;
fh=JzeGCGfhOA6QJfVajsn/MzMH/uWj53Elf19/rsmH9I0=;
b=hZxdzwLa4QGT2B9GSDXO9x+/ApLnxU030yg30ENb48jZhaAGKpZFRyex8CXTmMGBR+
dcrkcw1b2TLokzcJSUxq7EAI8SmCN4i9i27+mxECs2prWkSiE/ggTdbH0kVHrYbkivij
AUso8ShByCd9D3ThgiozKY//TFM8xMcoey2Dixn9SSD/mv/beE9bijAeIwBeezdKD6H2
vmj8vBtXaaooZt4u5Y/XidtrsT8h19D26GsIfoNvRVXI8XoxiOp+0+BS06NWKWdk6Dx9
AAb3gi4a7Qoyov4hoe+JGoWfMnaxqNoas4D2HkzXpPSy4zGFuUTDLg5yPuZ1cQeu54uB
vRHg==;
darn=gnusha.org
ARC-Authentication-Results: i=2; gmr-mx.google.com;
dkim=pass header.i=@gmail.com header.s=20230601 header.b=fnvJ5b7L;
spf=pass (google.com: domain of antoine.riard@gmail.com designates 2607:f8b0:4864:20::d2b as permitted sender) smtp.mailfrom=antoine.riard@gmail.com;
dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=googlegroups.com; s=20230601; t=1711651851; x=1712256651; darn=gnusha.org;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:x-original-authentication-results
:x-original-sender:cc:to:subject:message-id:date:from:in-reply-to
:references:mime-version:sender:from:to:cc:subject:date:message-id
:reply-to;
bh=sVG/JjB9vK+fGaCdNlfbQkos1UAObbjYz9ISFiSl6D4=;
b=bEWM9OIHRF0jt/PtEX4sYgkX7tthFaIdYuJe5vgVUDWaltB4DZl+L+WnVNSNNrXf90
yCFboI7YmR94gXzugQnJetvm4+Uldj6MUM4DB0QsupC0Z+FX2Ebnopb23ocr0PGfICLL
ki3wrce4upFbw7OkaZd6ppbxSZq1lwh54eYUrH1d21tuln1ajQaob78Vp+lOvNp9YYC7
qC7foT2RnbUYtqZ2pt+syQapEJFHSSslkXFI96wzHvM3TgvUH3Sh/0qXpd9gx6DG8Fp+
aSqAGnfiCDTZXS8CybG+1fGB9zpanvCwyn4BBOl0YKTrd4bMDuLH1FTlFTU6smvgoqHw
Yp4Q==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1711651851; x=1712256651; darn=gnusha.org;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:x-original-authentication-results
:x-original-sender:cc:to:subject:message-id:date:from:in-reply-to
:references:mime-version:from:to:cc:subject:date:message-id:reply-to;
bh=sVG/JjB9vK+fGaCdNlfbQkos1UAObbjYz9ISFiSl6D4=;
b=FdLaZb5V5ZsHJWzRsE7ihSFty2dBLsFAkAo+cEdnBlvbhwC0BjMFIj61NOQRzw02vU
SDIGbIKd9/zvwnV3BOhjDljNuYBiYnMlHSm0RxAaq9zodhDW61I0Pb3Yi2zcsTysiYis
/LL9aYtCH6/nCEmhTvibIFTNcAhVlzWXMyW8/usfr917MT20dY/M5AMO66Qp2QjXligO
EtvF8ZI6a+CoLSdkg1zUNc2ZusNE9T8PwUIiktVFlE7CwSv7qwAfRcJwC+byPcFh1fyD
JiLKqoW48TRMvIIQHKarC+r0oZqm5DjCQDSTGp54PZYS5NQCFiV80ElFkvvuX/kA0jKo
CLog==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1711651852; x=1712256652;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:x-original-authentication-results
:x-original-sender:cc:to:subject:message-id:date:from:in-reply-to
:references:mime-version:x-beenthere:x-gm-message-state:sender:from
:to:cc:subject:date:message-id:reply-to;
bh=sVG/JjB9vK+fGaCdNlfbQkos1UAObbjYz9ISFiSl6D4=;
b=BYuahA3uX6I9DThXW0VhPNk4/8H6pQmS6TwVz5K7XeHXfpLuZ7/4XGIYDF18Hla3vV
lPaPY98vBFiRB/VJHH4yYuvFX9CRg+acS7DQ7Ner02e5dM7PprFpM/xtkkoHxIUUVpTQ
aVxuTKnjo0NJBSrAdkivy9Ujeg6yDTa6wFGVRbCE775QU/MhRYqFA7TmRwqNKgaut/9M
mDTUKgWnJtf8iH1mavGivM9sVcZ7EoArkbgYd/smZrSqAOBzwAX2+kNZcRQUYNOcZb7W
2Z556xKN3Bo8Qo9Y0fvxD6oS3WKvsEJvl/GP5TUvgsVXUkzFrboQAI8Snso/zUmQdlqr
mbwg==
Sender: bitcoindev@googlegroups.com
X-Forwarded-Encrypted: i=2; AJvYcCXyQzJYr2vFWeeJwEpMqbpRYtwji9uLPh4ytadMeti6O/VR2brCj5hodDGuN4bcvdYaA/EWXWiTgj1TN3rg2C04vnI1te4=
X-Gm-Message-State: AOJu0Yzx0qFYgo6Bh8agE3VssWO46MIjsRcrv8c7Q4Vk2P1bTLC9Aojp
omRFbq0EJnQzZLwmjxKGA+8cDhb2tzHTb9hkEE/+1M7+BJq6/AhP
X-Google-Smtp-Source: AGHT+IGCzWmZH+opk76QypKM671KCdkWdYdoY9+KbMZJ7Pd4wwt8s4H3EHRbgMMT69wEx3ogCXzK4A==
X-Received: by 2002:a05:6808:3c8f:b0:3c3:ee38:cc81 with SMTP id gs15-20020a0568083c8f00b003c3ee38cc81mr159836oib.23.1711651850672;
Thu, 28 Mar 2024 11:50:50 -0700 (PDT)
X-BeenThere: bitcoindev@googlegroups.com
Received: by 2002:a05:622a:1818:b0:42e:cef8:7f63 with SMTP id
t24-20020a05622a181800b0042ecef87f63ls1700983qtc.0.-pod-prod-09-us; Thu, 28
Mar 2024 11:50:49 -0700 (PDT)
X-Forwarded-Encrypted: i=2; AJvYcCWy5GgtvSIFOFeegDcUITPwdu/VrUQcMKf0CkwtIYiy5f/sIU8ASVcC8o5szAl+Q23wPtPpz5is05HVzAQKDmGvE2iw3Ky0i8jOcFE=
X-Received: by 2002:a05:620a:1a04:b0:78b:c210:39fe with SMTP id bk4-20020a05620a1a0400b0078bc21039femr11988qkb.8.1711651849774;
Thu, 28 Mar 2024 11:50:49 -0700 (PDT)
Received: by 2002:a05:620a:2953:b0:78a:59df:2777 with SMTP id af79cd13be357-78b8a9a4eb3ms85a;
Thu, 28 Mar 2024 11:34:55 -0700 (PDT)
X-Forwarded-Encrypted: i=2; AJvYcCVufATauLI0krRynVo3tqr9wq5s9RMKYWkft5e7wBdNLEKGSbAV05jrvZiqXGraPiPFWuVHig0yJuSx+0Ny77VsR5cilmz48VT5fZI=
X-Received: by 2002:a05:6214:4902:b0:696:8017:8732 with SMTP id pd2-20020a056214490200b0069680178732mr120840qvb.14.1711650894457;
Thu, 28 Mar 2024 11:34:54 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1711650894; cv=none;
d=google.com; s=arc-20160816;
b=jneVKODWtoPCN4J8BG9TiJi95vuhP/4tBT3Pncmciu384VyLPh6Zcx5DFmZHOQeNiy
JjVflmCeIIK/JITibYWuV4Jgc/xh/f2SqTicMm5bhdUdRTE3+U8rQ7eN4X395sxYSZmd
0/ycOLwr+2kTvmR3xLjPOzzEXm2FtgG+W5fuHxPBKto/Jp1M3vciy54GCDICHRUZr4gT
Fj56vjBVoUOn4y2xkMfjWtn/vNGuXlY4UiYeCrqXyt/p/PHnw9jkmvmdB2nJiQrn+sRD
mxi/zmTBiES3svNb2M9XrK50pV8Y5fMh1aeaHqRNJxElx6s4UlXBsz6oIyuj0Y+y118B
r+ww==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=cc:to:subject:message-id:date:from:in-reply-to:references
:mime-version:dkim-signature;
bh=gAjK5bzzl2Qd1rlMbT5IFQblQ/+Trj+hd0SIkglS//Y=;
fh=d5JtCUGvWbFGey+B+GYxDiBL9DHe1nSyWkexWjGLhIw=;
b=r8J5g5m96cK6Ll+RQ6Uh38uvGbAyxGibR0rNPUtNgcbrK/F2Kl1B45y1OffV3dprp0
zuRcWu97vYghjrArNP1cEGVQqXw0fMN4qVIl18YeGlhdyA62hYqcngEcX2l7LURh+PnL
wALBoVI4MgQJPmK+qnmAtUPMka5ugjTtSMVjuE62Xr74FtvMzvgRaiedaapMvTax1N3F
20yanInJ1WM6b1sFHlkYHCQ+yc8bkkjWqUhoTQh/9DGJeEpgkrYid0QTjoWzI1Lsce8y
G57IwYo/EnnZAVhHVFw4PTwJ12ZlT71DtwqdoMDOZvhlZiPHEey/v7ihgCsNMeLaPBPM
BUAQ==;
dara=google.com
ARC-Authentication-Results: i=1; gmr-mx.google.com;
dkim=pass header.i=@gmail.com header.s=20230601 header.b=fnvJ5b7L;
spf=pass (google.com: domain of antoine.riard@gmail.com designates 2607:f8b0:4864:20::d2b as permitted sender) smtp.mailfrom=antoine.riard@gmail.com;
dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: from mail-io1-xd2b.google.com (mail-io1-xd2b.google.com. [2607:f8b0:4864:20::d2b])
by gmr-mx.google.com with ESMTPS id i16-20020a0cab50000000b0068f10446451si205295qvb.7.2024.03.28.11.34.54
for <bitcoindev@googlegroups.com>
(version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
Thu, 28 Mar 2024 11:34:54 -0700 (PDT)
Received-SPF: pass (google.com: domain of antoine.riard@gmail.com designates 2607:f8b0:4864:20::d2b as permitted sender) client-ip=2607:f8b0:4864:20::d2b;
Received: by mail-io1-xd2b.google.com with SMTP id ca18e2360f4ac-7c8ae457b27so32227939f.2
for <bitcoindev@googlegroups.com>; Thu, 28 Mar 2024 11:34:54 -0700 (PDT)
X-Forwarded-Encrypted: i=1; AJvYcCV+Ex3LTXSs6Mp1AxCP9TDm8u/DJ6hoiLjrIV4EGfTW8/AX67GYRtnIrTdDRweO7Gk64TD/ptz79okADi9jSyy4/Hip0keesmOs0yQ=
X-Received: by 2002:a6b:6708:0:b0:7cc:9dc:70a6 with SMTP id
b8-20020a6b6708000000b007cc09dc70a6mr4114224ioc.21.1711650893732; Thu, 28 Mar
2024 11:34:53 -0700 (PDT)
MIME-Version: 1.0
References: <f7fbeb4f58904fc5a24b6fc2d829036c@dtrt.org> <ZgRfvrYatcpqPNRn@petertodd.org>
<bbc33ff01e464f8c84a593ac05c5722c@dtrt.org> <ZgSB6kmLiDG08Yrd@petertodd.org> <CABu3BAeYsMG7TuM_htTYREgDdGOKV=gwFJ+T59L=qHqbewz4vw@mail.gmail.com>
In-Reply-To: <CABu3BAeYsMG7TuM_htTYREgDdGOKV=gwFJ+T59L=qHqbewz4vw@mail.gmail.com>
From: Antoine Riard <antoine.riard@gmail.com>
Date: Thu, 28 Mar 2024 18:34:42 +0000
Message-ID: <CALZpt+EK26=E6U9OdY+c9LVQnGtb-f5zzKt5RTwBoHpr_SSxcA@mail.gmail.com>
Subject: Re: [bitcoindev] A Free-Relay Attack Exploiting RBF Rule #6
To: Steve Lee <steven.j.lee@gmail.com>
Cc: Peter Todd <pete@petertodd.org>, "David A. Harding" <dave@dtrt.org>, bitcoindev@googlegroups.com
Content-Type: multipart/alternative; boundary="0000000000008021850614bcc7c6"
X-Original-Sender: antoine.riard@gmail.com
X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass
header.i=@gmail.com header.s=20230601 header.b=fnvJ5b7L; spf=pass
(google.com: domain of antoine.riard@gmail.com designates 2607:f8b0:4864:20::d2b
as permitted sender) smtp.mailfrom=antoine.riard@gmail.com; dmarc=pass
(p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Precedence: list
Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com
List-ID: <bitcoindev.googlegroups.com>
X-Google-Group-Id: 786775582512
List-Post: <https://groups.google.com/group/bitcoindev/post>, <mailto:bitcoindev@googlegroups.com>
List-Help: <https://groups.google.com/support/>, <mailto:bitcoindev+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/bitcoindev
List-Subscribe: <https://groups.google.com/group/bitcoindev/subscribe>, <mailto:bitcoindev+subscribe@googlegroups.com>
List-Unsubscribe: <mailto:googlegroups-manage+786775582512+unsubscribe@googlegroups.com>,
<https://groups.google.com/group/bitcoindev/subscribe>
X-Spam-Score: -0.5 (/)
--0000000000008021850614bcc7c6
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Hi Steve,
> He literally cites a reference to an example.
About CVE-2017-12842, the report of Sergio Demian Lerner available here
gives more information on the reporting process of the vulnerability:
https://bitslog.com/2018/06/09/leaf-node-weakness-in-bitcoin-merkle-tree-de=
sign/
I'll attract attention on the following words of Sergio himself:
"and as I said in the first paragraph, the weakness was already known by
some developers. But I still don't understand (1) why so many people knew
about it but underestimated it badly, (2) why there was no attempt to fix
it."
Sadly, from my experience reporting weaknesses or reviewing security
patches in Bitcoin Core, senior developers in this field are still aware of
more vulnerabilities than they usually have time to fix them. Additionally,
sometimes "ambiguous" patches are deliberately done where a lightweight
weakness is fixed and argued in public as such, when in reality more severe
issues are hardened under the hood.
In the present case making non-standard 64 bytes transactions without
witness in Bitcoin Core 16.0 added a belt-and-suspender in face of
block-malleability validation issues that could split the network _and_ it
leveled up the bar for double-spending SPV clients. That latest
exploitation scenario was the one which was early disclosed by Peter in
June 2018.
Coming back to the present "free-relay" bandwidth wasting class of attack
disclosure, I effectively myself think a 4-days delay was a bit short for a
full disclosure.
Comparing to CVE-2021-31876 (core's lack of inheritance signaling), full
disclosure report is available here:
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-May/018893.htm=
l
The initial report was made 2021-03-19. We didn't go the route of landing a
covert patch as it was appreciated that potential DoS risks outweighs the
safety of non-anchors exposed LN channels. Weakness report was made
available the 2021-05-06 after noticing maintainers of most-likely exposed
Bitcoin softwares, so a delay of 50-days. As a reminder, in the full
disclosure report I myself champion some changes in the BOLT protocol such
as dynamic upgrades that would make handling this kind of security issues
easier [0].
I believe in the present "free-relay" bandwidth wasting, letting a minimal
2-weeks delay would have been more reasonable. Security list members might
be in flight travels or at conferences, or under other operational
constraints and domain experts in the area of transaction-relay might not
be available to give full-fledged answers. Even if you have private
contacts of someone, don't rush them to get an answer when it can be
midnight in their time zones and they're recovering from jet lags.
On the other hand, if you don't receive a satisfying answer as a security
finding reporter after 2 weeks, or an acknowledgement of email reporting
reception after ~72 hours from vendors, I still think you're free to move
ahead with a full disclosure. Sadly, I had "bad faith" vendor cases in my
career as a security researcher in considerations of ethical infosec rules.
Best,
Antoine
[0] By the way the pinning vector exposed in CVE-2021-31876 still affects
LDK channels as the commit beef584c `negotiate_anchors_zero_fee_htlc_tx` is
false by default. And this is not fixed by v3 without avoiding all
nversion=3D2 by an on-chain confirmation to be replayed (L792,
src/validation.cpp - commit d1e9a02). I"ll be polite and not ask what LDK
maintainers are doing with their time.
Le mer. 27 mars 2024 =C3=A0 22:14, Steve Lee <steven.j.lee@gmail.com> a =C3=
=A9crit :
>
>
> On Wed, Mar 27, 2024 at 2:56=E2=80=AFPM Peter Todd <pete@petertodd.org> w=
rote:
>
>>
>> I'm not the only person who thinks this looks like harassment. The fact
>> is you
>> started this conversation with: "I'm especially concerned given your pas=
t
>> history of publicly revealing vulnerabilities before they could be quiet=
ly
>> patched and the conflict of interest of you using this disclosure to
>> advocate
>> for a policy change you are championing."
>>
>> You haven't substantiated any of this.
>
>
> He literally cites a reference to an example.
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Bitcoin Development Mailing List" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/bitcoindev/EJYoeNTPVhg/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> bitcoindev+unsubscribe@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/bitcoindev/CABu3BAeYsMG7TuM_htTYREgDdGO=
KV%3DgwFJ%2BT59L%3DqHqbewz4vw%40mail.gmail.com
> <https://groups.google.com/d/msgid/bitcoindev/CABu3BAeYsMG7TuM_htTYREgDdG=
OKV%3DgwFJ%2BT59L%3DqHqbewz4vw%40mail.gmail.com?utm_medium=3Demail&utm_sour=
ce=3Dfooter>
> .
>
--=20
You received this message because you are subscribed to the Google Groups "=
Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/=
bitcoindev/CALZpt%2BEK26%3DE6U9OdY%2Bc9LVQnGtb-f5zzKt5RTwBoHpr_SSxcA%40mail=
.gmail.com.
--0000000000008021850614bcc7c6
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">Hi Steve,<div><br></div><div>> He literally cites a ref=
erence to an example.</div><span class=3D"gmail-im" style=3D"color:rgb(80,0=
,80)"><p></p></span>About CVE-2017-12842, =C2=A0the report of Sergio Demian=
Lerner available here gives more information on the reporting process of t=
he vulnerability:<div><a href=3D"https://bitslog.com/2018/06/09/leaf-node-w=
eakness-in-bitcoin-merkle-tree-design/">https://bitslog.com/2018/06/09/leaf=
-node-weakness-in-bitcoin-merkle-tree-design/</a><br></div><div><br></div><=
div>I'll attract attention on the following words of Sergio himself:</d=
iv><div><br></div><div>"and as I said in the first=C2=A0paragraph, the=
weakness was already known by some developers. But I still don't under=
stand (1) why so many people knew about it but underestimated it badly, (2)=
why there was no attempt to fix it."</div><div><br></div><div>Sadly, =
from my experience reporting weaknesses or reviewing security patches in Bi=
tcoin Core, senior developers in this field are still aware of more vulnera=
bilities than they usually have time to fix them. Additionally, sometimes &=
quot;ambiguous" patches are deliberately done where a lightweight weak=
ness is fixed and argued in public as such, when in reality more severe iss=
ues are hardened under the hood.</div><div><br></div><div>In the present ca=
se making non-standard 64 bytes transactions without witness in Bitcoin Cor=
e 16.0 added a belt-and-suspender in face of block-malleability validation =
issues that could split the network _and_ it leveled up the bar for double-=
spending SPV clients. That latest exploitation scenario was the one which w=
as early disclosed by Peter in June 2018.</div><div><br></div><div>Coming b=
ack to the present "free-relay" bandwidth wasting class of attack=
disclosure, I effectively myself think a 4-days delay was a bit short for =
a full disclosure.</div><div><br></div><div>Comparing to CVE-2021-31876 (co=
re's lack of inheritance signaling), full disclosure report is availabl=
e here:</div><div><a href=3D"https://lists.linuxfoundation.org/pipermail/bi=
tcoin-dev/2021-May/018893.html">https://lists.linuxfoundation.org/pipermail=
/bitcoin-dev/2021-May/018893.html</a><br></div><div><br></div><div>The init=
ial report was made 2021-03-19. We didn't go the route of landing a cov=
ert patch as it was appreciated that potential DoS risks outweighs the safe=
ty of non-anchors exposed LN channels. Weakness report was made available t=
he 2021-05-06 after noticing maintainers of most-likely exposed Bitcoin sof=
twares, so a delay of 50-days. As a reminder, in the full disclosure report=
I myself champion some changes in the BOLT protocol such as dynamic upgrad=
es that would make handling this kind of security issues easier [0].</div><=
div><br></div><div>I believe in the present "free-relay" bandwidt=
h wasting, letting a minimal 2-weeks delay would have been more reasonable.=
Security list members might be in flight travels or at conferences, or und=
er other operational constraints and domain experts in the area of transact=
ion-relay might not be available to give full-fledged answers. Even if you =
have private contacts of someone, don't rush them to get an answer when=
it can be midnight in their time zones and they're recovering from jet=
lags.</div><div><br></div><div>On the other hand, if you don't receive=
a satisfying answer as a security finding reporter after 2 weeks, or an ac=
knowledgement of email reporting reception after ~72 hours from vendors, I =
still think you're free to move ahead with a full disclosure. Sadly, I =
had "bad faith" vendor cases in my career as a security researche=
r in considerations of ethical=C2=A0infosec rules.</div><div><br></div><div=
>Best,</div><div>Antoine</div><div><br></div><div>[0] By the way the pinnin=
g vector exposed in CVE-2021-31876 still affects LDK channels as the commit=
beef584c=C2=A0`negotiate_anchors_zero_fee_htlc_tx` is false by default. An=
d this is not fixed by v3 without avoiding all nversion=3D2 by an on-chain =
confirmation to be replayed (L792, src/validation.cpp - commit d1e9a02). I&=
quot;ll be polite and not ask what LDK maintainers are doing with their tim=
e.</div><div><div><br></div></div></div><br><div class=3D"gmail_quote"><div=
dir=3D"ltr" class=3D"gmail_attr">Le=C2=A0mer. 27 mars 2024 =C3=A0=C2=A022:=
14, Steve Lee <<a href=3D"mailto:steven.j.lee@gmail.com">steven.j.lee@gm=
ail.com</a>> a =C3=A9crit=C2=A0:<br></div><blockquote class=3D"gmail_quo=
te" style=3D"margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-sty=
le:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir=3D"l=
tr"><div dir=3D"ltr"><br></div><br><div class=3D"gmail_quote"><div dir=3D"l=
tr" class=3D"gmail_attr">On Wed, Mar 27, 2024 at 2:56=E2=80=AFPM Peter Todd=
<<a href=3D"mailto:pete@petertodd.org" target=3D"_blank">pete@petertodd=
.org</a>> wrote:</div><blockquote class=3D"gmail_quote" style=3D"margin:=
0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left=
-color:rgb(204,204,204);padding-left:1ex">
<br>
I'm not the only person who thinks this looks like harassment. The fact=
is you<br>
started this conversation with: "I'm especially concerned given yo=
ur past<br>
history of publicly revealing vulnerabilities before they could be quietly<=
br>
patched and the conflict of interest of you using this disclosure to advoca=
te<br>
for a policy change you are championing."<br>
<br>
You haven't substantiated any of this. </blockquote><div><br></div><div=
>He literally cites a reference to an example.</div></div></div>
<p></p>
-- <br>
You received this message because you are subscribed to a topic in the Goog=
le Groups "Bitcoin Development Mailing List" group.<br>
To unsubscribe from this topic, visit <a href=3D"https://groups.google.com/=
d/topic/bitcoindev/EJYoeNTPVhg/unsubscribe" target=3D"_blank">https://group=
s.google.com/d/topic/bitcoindev/EJYoeNTPVhg/unsubscribe</a>.<br>
To unsubscribe from this group and all its topics, send an email to <a href=
=3D"mailto:bitcoindev+unsubscribe@googlegroups.com" target=3D"_blank">bitco=
indev+unsubscribe@googlegroups.com</a>.<br>
To view this discussion on the web visit <a href=3D"https://groups.google.c=
om/d/msgid/bitcoindev/CABu3BAeYsMG7TuM_htTYREgDdGOKV%3DgwFJ%2BT59L%3DqHqbew=
z4vw%40mail.gmail.com?utm_medium=3Demail&utm_source=3Dfooter" target=3D=
"_blank">https://groups.google.com/d/msgid/bitcoindev/CABu3BAeYsMG7TuM_htTY=
REgDdGOKV%3DgwFJ%2BT59L%3DqHqbewz4vw%40mail.gmail.com</a>.<br>
</blockquote></div>
<p></p>
-- <br />
You received this message because you are subscribed to the Google Groups &=
quot;Bitcoin Development Mailing List" group.<br />
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to <a href=3D"mailto:bitcoindev+unsubscribe@googlegroups.com">bitcoind=
ev+unsubscribe@googlegroups.com</a>.<br />
To view this discussion on the web visit <a href=3D"https://groups.google.c=
om/d/msgid/bitcoindev/CALZpt%2BEK26%3DE6U9OdY%2Bc9LVQnGtb-f5zzKt5RTwBoHpr_S=
SxcA%40mail.gmail.com?utm_medium=3Demail&utm_source=3Dfooter">https://group=
s.google.com/d/msgid/bitcoindev/CALZpt%2BEK26%3DE6U9OdY%2Bc9LVQnGtb-f5zzKt5=
RTwBoHpr_SSxcA%40mail.gmail.com</a>.<br />
--0000000000008021850614bcc7c6--
|
