From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 342C8258 for ; Thu, 22 Oct 2015 09:05:49 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from zinan.dashjr.org (zinan.dashjr.org [192.3.11.21]) by smtp1.linuxfoundation.org (Postfix) with ESMTP id D4F4290 for ; Thu, 22 Oct 2015 09:05:48 +0000 (UTC) Received: from ishibashi.localnet (unknown [IPv6:2001:470:5:265:61b6:56a6:b03d:28d6]) (Authenticated sender: luke-jr) by zinan.dashjr.org (Postfix) with ESMTPSA id F224738A4FC6; Thu, 22 Oct 2015 09:05:27 +0000 (UTC) X-Hashcash: 1:25:151022:decker.christian@gmail.com::2Kv+6yb+iIKHxdOT:aalj8 X-Hashcash: 1:25:151022:danny.thorpe@gmail.com::6NcpKA6ZBlcYGAh1:vQjF X-Hashcash: 1:25:151022:bitcoin-dev@lists.linuxfoundation.org::KRo=Mrsojm+7gEp6:zwxd From: Luke Dashjr To: Christian Decker Date: Thu, 22 Oct 2015 09:05:26 +0000 User-Agent: KMail/1.13.7 (Linux/4.1.9-gentoo-r1; KDE/4.14.8; x86_64; ; ) References: <201510212320.31052.luke@dashjr.org> In-Reply-To: X-PGP-Key-Fingerprint: E463 A93F 5F31 17EE DE6C 7316 BD02 9424 21F4 889F X-PGP-Key-ID: BD02942421F4889F X-PGP-Keyserver: hkp://pgp.mit.edu MIME-Version: 1.0 Content-Type: Text/Plain; charset="iso-8859-15" Content-Transfer-Encoding: 7bit Message-Id: <201510220905.27124.luke@dashjr.org> X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Cc: Bitcoin Dev Subject: Re: [bitcoin-dev] [BIP] Normalized transaction IDs X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Development Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Oct 2015 09:05:49 -0000 On Thursday, October 22, 2015 8:26:58 AM Christian Decker wrote: > I think the scenario of the single signer re-ordering the outputs and > inputs and then re-signing the transaction is in the same category of > simple double-spends. The signer could just as well sign a completely > different transaction spending the same coins to somewhere else, so I don't > think there is a lot we can do about it even if we instate a canonical > ordering. Even if we order the inputs and outputs the signer can just add a > new input and output and we would have a different transaction. > > Normalized transaction IDs do help in the case that the single signer wants > to immediately follow up its transaction with another transaction spending > the first one's change output, and it prevents any modification in the > multi-signer scenario. Except that unlike malicious double spending, adding more outputs to unconfirmed transactions is what wallets *should ideally be doing every time they send another transaction*. Spending unconfirmed change is the wrong approach. So half-fixing malleability as this PR would, encourages inefficient behaviour in multiple ways (first, by not making it malleability- safe; second, by encouraging spending unconfirmed change). Luke