1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
|
Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193]
helo=mx.sourceforge.net)
by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <namanhd@gmail.com>) id 1WDvHq-0006u5-Bq
for bitcoin-development@lists.sourceforge.net;
Thu, 13 Feb 2014 12:21:02 +0000
Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of gmail.com
designates 209.85.212.54 as permitted sender)
client-ip=209.85.212.54; envelope-from=namanhd@gmail.com;
helo=mail-vb0-f54.google.com;
Received: from mail-vb0-f54.google.com ([209.85.212.54])
by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1WDvHp-0006S1-3M
for bitcoin-development@lists.sourceforge.net;
Thu, 13 Feb 2014 12:21:02 +0000
Received: by mail-vb0-f54.google.com with SMTP id w20so8167512vbb.13
for <bitcoin-development@lists.sourceforge.net>;
Thu, 13 Feb 2014 04:20:55 -0800 (PST)
MIME-Version: 1.0
X-Received: by 10.58.169.7 with SMTP id aa7mr805474vec.24.1392294055560; Thu,
13 Feb 2014 04:20:55 -0800 (PST)
Received: by 10.221.49.8 with HTTP; Thu, 13 Feb 2014 04:20:55 -0800 (PST)
In-Reply-To: <CA+SxJWArhdVyfGL=V6wa_EFRC3yGDo6vWus+jx9E=u4i_RJc6Q@mail.gmail.com>
References: <CANAnSg1LgpHGf-vTV0to1Z7sogf1ic6WTbogEsrQy1wh4C5zfw@mail.gmail.com>
<20140210144003.2BDCCDDAEFC@quidecco.de>
<20140210163055.GJ3180@nl.grid.coop>
<CAAS2fgQjKHK4ReQOEtLsTt9KOLxT4G-MiZJ7UKU=qH9ifpuN8g@mail.gmail.com>
<20140210182506.GM3180@nl.grid.coop> <52F91E66.6060305@gmail.com>
<20140210190703.GO3180@nl.grid.coop> <20140210192308.GA17359@savin>
<CA+SxJWBbWH_amgpst9N7nfT4twvfreAhGaxVWZYfTiLjyN8m3g@mail.gmail.com>
<20140210194032.GD17359@savin> <52F9377D.9010405@gmail.com>
<CA+SxJWBM0USWETNeDh-oRgOfrU64GiPbL_Qt5hrFN53C42yNxg@mail.gmail.com>
<CAAS2fgS5=-=6Ws0ofWsyKNHLYQop71kOjBCtF6TUMOmVgHtU_g@mail.gmail.com>
<CA+SxJWArhdVyfGL=V6wa_EFRC3yGDo6vWus+jx9E=u4i_RJc6Q@mail.gmail.com>
Date: Thu, 13 Feb 2014 17:50:55 +0530
Message-ID: <CA+SxJWAm7mDLG7ymggsJb9M=CgrLObuM7z8XVyEs+ty+266XoA@mail.gmail.com>
From: naman naman <namanhd@gmail.com>
To: Gregory Maxwell <gmaxwell@gmail.com>
Content-Type: multipart/alternative; boundary=047d7b6dcf429acdb204f248b8b0
X-Spam-Score: -0.6 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(namanhd[at]gmail.com)
-0.0 SPF_PASS SPF: sender matches SPF record
1.0 HTML_MESSAGE BODY: HTML included in message
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1WDvHp-0006S1-3M
Cc: Bitcoin Development <bitcoin-development@lists.sourceforge.net>,
Vocatus Gate <vocatus.gate@gmail.com>
Subject: Re: [Bitcoin-development] MtGox blames bitcoin
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Thu, 13 Feb 2014 12:21:02 -0000
--047d7b6dcf429acdb204f248b8b0
Content-Type: text/plain; charset=ISO-8859-1
Hi guys,
I with all thats happening now I think (yea no hard proof) most of it is
being done on purpose (transaction mutation) by some pool/entity.
I have posted here https://bitcointalk.org/index.php?topic=463350.0 of how
to go about finding out if its some pool doing it. This does in no way
solve "fix" the malleability issue BUT IMHO it might help "alleviate" the
problem we are facing at a network level.
Please have a look if possible.
Kind Regards,
thenoblebot
On Wed, Feb 12, 2014 at 2:26 AM, naman naman <namanhd@gmail.com> wrote:
> Gregory Maxwell says : "Try paying a consultant if your ego demands that
> you have a technical
>
> expert to entertain your musing with immediate response."
>
> I don't know why your resorting to such an adhominem. But I have already
> said that you were the only one who responded. Your response was correct as
> is reflected in the conversation on the forums. No doubting that. But it
> does not address the full scope of the attack where a small pool would
> intentionally (or out of whatever reason) make the hash invalid for the txs
> they recieve. So that leaves a whole lot of businesses in the lurch who
> have relied on txid (albeit wrongly that) for their tracking purposes.
> Thats all I'm trying to say, without blaming anyone.
>
> Hope it makes sense.
>
>
> On Wed, Feb 12, 2014 at 2:19 AM, Gregory Maxwell <gmaxwell@gmail.com>wrote:
>
>> On Tue, Feb 11, 2014 at 12:42 PM, naman naman <namanhd@gmail.com> wrote:
>> > I was talking about a DOS attack in
>> > https://bitcointalk.org/index.php?topic=458608.0 (ofcourse only
>> applicable
>> > to entitys doing the tracking with txids).
>> >
>> > Amazing how I did not get a response from any of the devs (except Greg's
>> > response
>> > https://bitcointalk.org/index.php?topic=458608.msg5063789#msg5063789but
>> > that too was short and not concerning the attack scenario plausibiity
>> as I
>> > replied to him).
>>
>> Try paying a consultant if your ego demands that you have a technical
>> expert to entertain your musing with immediate response.
>>
>> My response was absolutely relevant.
>>
>> If you reissue a transaction without respending the prior transactions
>> coins, you will end up double paying. Only spending the inputs in
>> question can prevent the prior transaction (itself or in other form)
>> from going through.
>>
>> Once you respend the inputs there is no risk of actually losing funds
>> due to an issue regardless of how you track coins in your higher level
>> application.
>>
>
>
--047d7b6dcf429acdb204f248b8b0
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">Hi guys,<div><br><div>I with all thats happening now I thi=
nk (yea no hard proof) most of it is being done on purpose (transaction mut=
ation) by some pool/entity.</div><div>I have posted here=A0<a href=3D"https=
://bitcointalk.org/index.php?topic=3D463350.0">https://bitcointalk.org/inde=
x.php?topic=3D463350.0</a> of how to go about finding out if its some pool =
doing it. This does in no way solve "fix" the malleability issue =
BUT IMHO it might help "alleviate" the problem we are facing at a=
network level.</div>
<div>Please have a look if possible.</div><div><br></div><div>Kind Regards,=
</div></div><div>thenoblebot</div></div><div class=3D"gmail_extra"><br><br>=
<div class=3D"gmail_quote">On Wed, Feb 12, 2014 at 2:26 AM, naman naman <sp=
an dir=3D"ltr"><<a href=3D"mailto:namanhd@gmail.com" target=3D"_blank">n=
amanhd@gmail.com</a>></span> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex"><div dir=3D"ltr">Gregory Maxwell says : &quo=
t;<span style=3D"font-family:arial,sans-serif;font-size:13px">Try paying a =
consultant if your ego demands that you have a technical</span><div class=
=3D"">
<br style=3D"font-family:arial,sans-serif;font-size:13px">
<span style=3D"font-family:arial,sans-serif;font-size:13px">expert to enter=
tain your musing with immediate response."</span><div><span style=3D"f=
ont-family:arial,sans-serif;font-size:13px"><br></span></div></div><div><sp=
an style=3D"font-family:arial,sans-serif;font-size:13px">I don't know w=
hy your resorting to such an adhominem. But I have already said that you we=
re the only one who responded. Your response was correct as is reflected in=
the conversation on the forums. No doubting that. But it does not address =
the full scope of the attack where a small pool would intentionally (or out=
of whatever reason) make the hash invalid for the txs they recieve. So tha=
t leaves a whole lot of businesses in the lurch who have relied on txid (al=
beit wrongly that) for their tracking purposes. Thats all I'm trying to=
say, without blaming anyone.=A0</span></div>
<div><span style=3D"font-family:arial,sans-serif;font-size:13px"><br></span=
></div><div><span style=3D"font-family:arial,sans-serif;font-size:13px">Hop=
e it makes sense.</span></div></div><div class=3D"HOEnZb"><div class=3D"h5"=
><div class=3D"gmail_extra">
<br><br><div class=3D"gmail_quote">
On Wed, Feb 12, 2014 at 2:19 AM, Gregory Maxwell <span dir=3D"ltr"><<a h=
ref=3D"mailto:gmaxwell@gmail.com" target=3D"_blank">gmaxwell@gmail.com</a>&=
gt;</span> wrote:<br><blockquote class=3D"gmail_quote" style=3D"margin:0 0 =
0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>On Tue, Feb 11, 2014 at 12:42 PM, naman naman <<a href=3D"mailto:na=
manhd@gmail.com" target=3D"_blank">namanhd@gmail.com</a>> wrote:<br>
> I was talking about a DOS attack in<br>
> <a href=3D"https://bitcointalk.org/index.php?topic=3D458608.0" target=
=3D"_blank">https://bitcointalk.org/index.php?topic=3D458608.0</a> (ofcours=
e only applicable<br>
> to entitys doing the tracking with txids).<br>
><br>
> Amazing how I did not get a response from any of the devs (except Greg=
's<br>
> response<br>
> <a href=3D"https://bitcointalk.org/index.php?topic=3D458608.msg5063789=
#msg5063789" target=3D"_blank">https://bitcointalk.org/index.php?topic=3D45=
8608.msg5063789#msg5063789</a> but<br>
> that too was short and not concerning the attack scenario plausibiity =
as I<br>
> replied to him).<br>
<br>
</div>Try paying a consultant if your ego demands that you have a technical=
<br>
expert to entertain your musing with immediate response.<br>
<br>
My response was absolutely relevant.<br>
<br>
If you reissue a transaction without respending the prior transactions<br>
coins, you will end up double paying. Only spending the inputs in<br>
question can prevent the prior transaction (itself or in other form)<br>
from going through.<br>
<br>
Once you respend the inputs there is no risk of actually losing funds<br>
due to an issue regardless of how you track coins in your higher level<br>
application.<br>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>
--047d7b6dcf429acdb204f248b8b0--
|
