1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
|
Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193]
helo=mx.sourceforge.net)
by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <pete@petertodd.org>) id 1WGE6A-0004sG-H0
for bitcoin-development@lists.sourceforge.net;
Wed, 19 Feb 2014 20:50:30 +0000
Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of petertodd.org
designates 62.13.149.77 as permitted sender)
client-ip=62.13.149.77; envelope-from=pete@petertodd.org;
helo=outmail149077.authsmtp.com;
Received: from outmail149077.authsmtp.com ([62.13.149.77])
by sog-mx-3.v43.ch3.sourceforge.com with esmtp (Exim 4.76)
id 1WGE68-0004w7-PI for bitcoin-development@lists.sourceforge.net;
Wed, 19 Feb 2014 20:50:30 +0000
Received: from mail-c235.authsmtp.com (mail-c235.authsmtp.com [62.13.128.235])
by punt15.authsmtp.com (8.14.2/8.14.2/) with ESMTP id s1JKoKp7060290;
Wed, 19 Feb 2014 20:50:20 GMT
Received: from [25.107.78.124] ([24.114.51.245]) (authenticated bits=0)
by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id s1JKnZEh062364;
Wed, 19 Feb 2014 20:50:08 GMT
User-Agent: K-9 Mail for Android
In-Reply-To: <601EE159-9022-4ADF-80AC-7E1C39E86A65@mac.com>
References: <CAPg+sBgPG+2AMbEHSRQNFn6FikbRzxkWduj5MSZLz-O6Wh940w@mail.gmail.com>
<CALf2ePwc=es-aDSeJO2DZwu9kyHwq9dcp5TrMAhN-dvYwNjy-w@mail.gmail.com>
<52FBD948.906@monetize.io> <201402122252.31060.luke@dashjr.org>
<CAPWm=eV9YP3wAbCFt1JcSqJ6Jc3kY_546MVk3cHT+X8seC8vRw@mail.gmail.com>
<CAAS2fgSwjGohhiXuwhG3bJ5mLxSS8Dx0Hytmg7PhhRzwnw7FNQ@mail.gmail.com>
<EFA82A3F-2907-4B2B-9FCB-DCA02CA4EC63@mac.com>
<CAPg+sBgnuNygR7_yny1=+wGWmeLcub0A8_ep3U-5ewmQJk71jw@mail.gmail.com>
<601EE159-9022-4ADF-80AC-7E1C39E86A65@mac.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
charset=UTF-8
From: Peter Todd <pete@petertodd.org>
Date: Wed, 19 Feb 2014 15:49:32 -0500
To: Michael Gronager <gronager@mac.com>,
Pieter Wuille <pieter.wuille@gmail.com>
Message-ID: <ec7ad616-1596-420f-8101-6f1d86429638@email.android.com>
X-Server-Quench: 700b780a-99a7-11e3-b802-002590a15da7
X-AuthReport-Spam: If SPAM / abuse - report it at:
http://www.authsmtp.com/abuse
X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVKBZePFsRUQkR
aQdMdwsUHlAWAgsB AmIbWVReVV17WGU7 aQ5PbARZfE9PQQdu
VVdMSlVNFEsrAGZ6 WHRrChl0dQZAfDBx bEBhWz5cXEQock59
E1NdHDwBeGZhPWMC AkhYdR5UcAFPdx8U a1UrBXRDAzANdhES
HhM4ODE3eDlSNilR RRkIIFQOdA44JBAX clgxNxQXVVUfQD00
NBUiHxYwEU8VM0M9 eUQgRVJQNhYWDgBX FUBJATNITwAA
X-Authentic-SMTP: 61633532353630.1023:706
X-AuthFastPath: 0 (Was 255)
X-AuthSMTP-Origin: 24.114.51.245/587
X-AuthVirus-Status: No virus detected - but ensure you scan with your own
anti-virus system.
X-Spam-Score: -1.5 (-)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
-0.0 SPF_PASS SPF: sender matches SPF record
X-Headers-End: 1WGE68-0004w7-PI
Cc: Bitcoin Development <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] [RFC] [BIP proposal] Dealing with
malleability
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Wed, 19 Feb 2014 20:50:30 -0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
While we might be able to get away with a retroactive change in meaning right now in the future that won't be so easy. There are lots if proposed applications for nLockTime-using protocols that depend on transactions (or parts of transactions) being possible to mine as is. Making existing transactions impossible to mine in the future will break those types of applications. We might as well use this as a learning experience for what a version bump would look like infrastructures wise.
Note how the above is a particularly bad example of gmaxwell's generic "don't break things" objection. Equally, remember that lots of infrastructure *does* handle malleability just fine already.
On February 19, 2014 3:28:24 PM EST, Michael Gronager <gronager@mac.com> wrote:
>Twisting your words a bit I read:
>
>* you want to support relay of transactions that can be changed on the
>fly, but you consider it wrong to modify them.
>* #3 is already not forwarded, but you still find it relevant to
>support it.
>
>Rational use cases of #3 will be pretty hard to find given the fact
>that they can be changed on the fly. We are down to inclusion in blocks
>by miners for special purposes - or did I miss out something?
>
>I think that we could guarantee fewer incidents by making version 1
>transactions unmalleable and then optionally introduce a version 3 that
>supported the malleability feature. That way most existing problematic
>implementations would be fixed and no doors were closed for people
>experimenting with other stuff - tx v 3 would probably then be called
>experimental transactions.
>
>/M
>
>
>On Feb 19, 2014, at 3:38 PM, Pieter Wuille <pieter.wuille@gmail.com>
>wrote:
>
>> On Wed, Feb 19, 2014 at 3:11 PM, Michael Gronager <gronager@mac.com>
>wrote:
>>> Why introduce a new transaction version for this purpose ? Wouldn't
>it be more elegant to simply let:
>>>
>>> 1. the next bitcoin version "prettify" all relayed transactions as
>deterministic transactions fulfilling the scheme 1-6 effectively
>blocking any malleability attack? If miners would upgrade then all
>transactions in blocks would have a deterministic hash.
>>
>> I consider actively mutating other's transactions worse than not
>> relaying them. If we want people to make their software deal with
>> malleability, either will work.
>>
>> Regarding deterministic hash: that's impossible. Some signature hash
>> types are inherently (and intentionally) malleable. I don't think we
>> should pretend to want to change that. The purpose is making
>> non-malleability a choice the sender of a transaction can make.
>>
>> Most of the rules actually are enforced by IsStandard already now.
>> Only #1 and #7 aren't. #1 affects the majority of all transactions,
>so
>> changing it right now would be painful. #7 only affects multisig.
>>
>>> 2. In a version later one could block relay of non deterministic
>transactions, as well as the acceptance of blocks with non-confirming
>transactions.
>>>
>>> To non-standard conforming clients this "prettify" change of hash
>would be seen as a constant malleability attack, but given the
>"prettify" code it is to fix any client into producing only conforming
>transactions, just by running the transaction through it before
>broadcast.
>>>
>>> There is a possible fork risk in step 2. above - if a majority of
>miners still havn't upgraded to 1 when 2 is introduced. We could
>monitor % non conforming transaction in a block and only introduce 2.
>once that number is sufficiently small for a certain duration -
>criteria:
>>> * Switch on forcing of unmalleable transactions in blocks when there
>has been only conforming transactions for 1000 blocks.
>>
>> The problem in making these rules into consensus rule (affecting
>> tx/block validity) is that some rules (in particular #3) may not be
>> wanted by everyone, as they effectively limit the possibilities of
>the
>> script language further. As it is ultimately only about protecting
>> senders who care about non-malleability, introducing a new
>transaction
>> version is a very neat way of accomplishing that. The new block
>> version number is only there to coordinate the rollout, and choosing
>> an automatic forking point.
>>
>> --
>> Pieter
>
>
>
>------------------------------------------------------------------------
>
>------------------------------------------------------------------------------
>Managing the Performance of Cloud-Based Applications
>Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
>Read the Whitepaper.
>http://pubads.g.doubleclick.net/gampad/clk?id=121054471&iu=/4140/ostg.clktrk
>
>------------------------------------------------------------------------
>
>_______________________________________________
>Bitcoin-development mailing list
>Bitcoin-development@lists.sourceforge.net
>https://lists.sourceforge.net/lists/listinfo/bitcoin-development
-----BEGIN PGP SIGNATURE-----
Version: APG v1.0.9
iQFQBAEBCAA6BQJTBRjcMxxQZXRlciBUb2RkIChsb3cgc2VjdXJpdHkga2V5KSA8
cGV0ZUBwZXRlcnRvZGQub3JnPgAKCRAZnIM7qOfwhbuuCADHHZvCbWNR+hj3lq2u
Xjr8POSsMWk4XorvLftgXSzAzypr7n0BP7+fmz/v0J98XfeOHxf8NHB2VXzFMCzI
mstYyFC+gdsPf9eIMoN2S9EB9d4Lh1Y7Zv5BGqopuHCUIVMpzk2QDaFlLe+gW8Ai
p4Yv/jGib8ym1ahJ24nZ89l7Psa+uXDw8N2VX5PcyDNVRwzuXwa0h2Kix/gt8uJb
RV5Sj3duxUE6mOGN07j6lPu9VcrtD0ydvAO3DoEJqkBqjhbC33h05H96KPQKuGcg
5DOKXUV5ChW5CF3DH5HN/LdduLgbTevtLbkBhdLKo+z5GKaU7Qpc5i6dIeAKl3uA
KCQE
=DiAE
-----END PGP SIGNATURE-----
|
