summaryrefslogtreecommitdiff
path: root/b1/07acb81ac2ea7ff8117231d78e89e5a6b58fc2
blob: d5f2395f5f1dc174c473159ea5308a09b22ccab8 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
Return-Path: <steven.charles.davis@gmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id 7FEFC360
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Sat, 25 Feb 2017 21:54:18 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-it0-f67.google.com (mail-it0-f67.google.com
	[209.85.214.67])
	by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 0DCB2AF
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Sat, 25 Feb 2017 21:54:17 +0000 (UTC)
Received: by mail-it0-f67.google.com with SMTP id 203so7821505ith.2
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Sat, 25 Feb 2017 13:54:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
	h=mime-version:subject:from:in-reply-to:date:cc
	:content-transfer-encoding:message-id:references:to;
	bh=cG7eerOsV9A0HFh5XinItOlz4ZlbOSIjCaQ3vvOyx+Y=;
	b=qVv/dlf2vcOS4pbYOSv7zf1uYekWMcO/WEk64ZM2ycjzKft/dYHimaUVEiLJjLAVQm
	DJ3C8f+ETGePueCP7ws3fPd0PZkDe8yaTeFyOEtLGlH7WkFLltbBuhbNJ07njV0Flwsp
	Tdw8mw07jOR63DtRxz/CZjcWn/NH38aLE7WYquOgTnCapdLApDSDW0QfXky7BQFGU3kd
	GiDRCX7G0jhjuK9lu/CgNdE0+AeNIBfHiH5ObtO2fV2oLXDafTEO0SNtT+pVhnNrGly7
	DljNNc8M0fQdcbv3UeOBPtrn3oSxr1mXdzwH7qqCW84iFIRT6UWyLs/6xnZ7+JGQwyYL
	YHgg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc
	:content-transfer-encoding:message-id:references:to;
	bh=cG7eerOsV9A0HFh5XinItOlz4ZlbOSIjCaQ3vvOyx+Y=;
	b=YzxUtgiPT4e2n9RWzkYxEZ0ETieG40dld9x1HDc9Jz3eqmX27YyuuHK5gfcL8YrXhv
	baLWEiZ3kb/vOyv6UQRIwJXYG3Ccv56zHmLdgSVnlPk8scwcy6YwIUnanoXarl7emDLa
	zd0fATTUZ+5QbG0N2yX44J8ZPxR21ScGiQECohxlyzZHxzNGLKtmvLoVhsd2yv1IRFur
	qirb1f3FNOdw4H25Lnz+2Dttd+tfN9ymP1TxKHdTGwrP+okgT1iXcsCZKCZ7dJbOoVTs
	ElIXG7tw00mt3ryBiv4L3y7PNnSG4RPOhUYrTcv4iT6RmxJBFwPNzGCsvtfIZ+mmXPvY
	mYFQ==
X-Gm-Message-State: AMke39nOnpRPKxPh2rq1q5UA2QH3ZmhOIUyIq+onYYfq3i09VHQ/ge2jQ/u4fPwNdj8dfw==
X-Received: by 10.36.181.69 with SMTP id j5mr8435293iti.13.1488059657425;
	Sat, 25 Feb 2017 13:54:17 -0800 (PST)
Received: from [10.0.1.42] (71-81-80-204.dhcp.stls.mo.charter.com.
	[71.81.80.204]) by smtp.gmail.com with ESMTPSA id
	a22sm2430250itb.29.2017.02.25.13.54.16
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Sat, 25 Feb 2017 13:54:16 -0800 (PST)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.2 \(3259\))
From: Steve Davis <steven.charles.davis@gmail.com>
In-Reply-To: <20170225214018.GA16524@savin.petertodd.org>
Date: Sat, 25 Feb 2017 15:54:16 -0600
Content-Transfer-Encoding: quoted-printable
Message-Id: <D36DB0BD-C805-4346-B425-77D5B29582E5@gmail.com>
References: <8F096BE1-D305-43D4-AF10-2CC48837B14F@gmail.com>
	<20170225010122.GA10233@savin.petertodd.org>
	<208F93FE-B7C8-46BE-8E00-52DBD0F43415@gmail.com>
	<CAN6UTayzQRowtWhLKr8LyFuXjw3m+GjQGtHfkDj-Xu41Hym32w@mail.gmail.com>
	<CAEM=y+WkgSkc07ZsU6APAkcu37zVZ7dwSc=jAg1nho31S5ZyxQ@mail.gmail.com>
	<20170225191201.GA15472@savin.petertodd.org>
	<CAMZUoK=sq_sRoXuySca-VAGwA3AzeoZ5iNFSnKULbj+NtPjHFA@mail.gmail.com>
	<20170225210406.GA16196@savin.petertodd.org>
	<CAGLBAhdCb+QLWRm4FWkPvaM2sU24HuafdgNiS=wgnPTGzrW05w@mail.gmail.com>
	<4FE38F6A-0560-4989-9C53-7F8C94EA4C76@gmail.com>
	<20170225214018.GA16524@savin.petertodd.org>
To: Peter Todd <pete@petertodd.org>
X-Mailer: Apple Mail (2.3259)
X-Spam-Status: No, score=-1.5 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,
	RCVD_IN_SORBS_SPAM autolearn=no version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
X-Mailman-Approved-At: Sat, 25 Feb 2017 22:08:47 +0000
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] SHA1 collisions make Git vulnerable to attakcs by
 third-parties, not just repo maintainers
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Sat, 25 Feb 2017 21:54:18 -0000

Hi Peter,

> On Feb 25, 2017, at 3:40 PM, Peter Todd <pete@petertodd.org> wrote:
>=20
> On Sat, Feb 25, 2017 at 03:34:33PM -0600, Steve Davis wrote:
>> Yea, well. I don=E2=80=99t think it is ethical to post instructions =
without an associated remediation (BIP) if you don=E2=80=99t see the =
potential attack.
>=20
> I can't agree with you at all there: we're still at the point where =
the
> computational costs of such attacks limit their real-world impact, =
which is
> exactly when you want the *maximum* exposure to what they are and what =
the
> risks are, so that people develop mitigations.
>=20

I agree with the latter part of your statement but am actually much less =
confident about the first part=E2=80=A6 I need to run some numbers on =
that.

> Keeping details secret tends to keep the attacks out of public view, =
which
> might be a good trade-off in a situation where the attacks are =
immediately
> practical and the need to deploy a fix is well understood. But we're =
in the
> exact opposite situation.
>=20
>> I was rather hoping that we could have a fuller discussion of what =
the best practical response would be to such an issue?
>=20
> Deploying segwit's 256-bit digests is a response that's already fully =
coded and
> ready to deploy, with the one exception of a new address format. That =
address
> format is being actively worked on, and could be deployed relatively =
quickly if
> needed.
>=20

I really, really don=E2=80=99t want to get into it but segwit has many =
aspects that are less appealing, not least of which being the amount of =
time it would take to reach the critical mass.=20

Surely there's a number of alternative approaches which could be =
explored, even if only to make a fair assessment of a best response?

/s=