From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id CDC90B01 for ; Sat, 10 Sep 2016 01:31:06 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-qk0-f173.google.com (mail-qk0-f173.google.com [209.85.220.173]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 2B88F26F for ; Sat, 10 Sep 2016 01:31:06 +0000 (UTC) Received: by mail-qk0-f173.google.com with SMTP id w204so95914923qka.0 for ; Fri, 09 Sep 2016 18:31:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding; bh=R2kfURSO6/52YbYf6ERBpn9X7OnWTmmnJVN3RQZIcoI=; b=ZEpWvZN+Ipdl+ZFdN5Pc3p7qraa/cWeO9zNnFVepX6nNJQgoghKO8/tWauERKWbqbV abUObbIWFT9imuWts4UKkaMNOMNBuVot7XF/ldxeAJUqBgmmtLl/9Mv/ieKo2/4fA/X6 E6ZFEA/1zbDTiim8F0UdJbTGG5ewrqlRKypssRpycM+dZziIChbyq6ZBobqbcLXJCSjN MYxaoyRy2QSPRpt957IjHDx2yoagLWHK+XnEZ473Jgo/8tu+EXr6Q96ZwSUiUjN6RdMv pI6yvO0Wc/YhGz+5Cgj3GZedkY18cTJBHc7xNCMcc8EMMVbNQZVs3VJRMS7+W7q46ZGz XHVw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=R2kfURSO6/52YbYf6ERBpn9X7OnWTmmnJVN3RQZIcoI=; b=I6YDVHoYBo5+JvgNcYWqoVFKvQXORUqsZQ6KxIlPdRaSp8KmEoTvLnFG4WcKz62FeH /P2SYnrqgyWqW7WRqeVGbfmQ2ggsuS3rnI09jCGLWOVfsrZI0EpuP071wEOKBlEhQmv+ N8bh5ijMIGM0GlsRwYDbT/sNd2yss3+sPfjnjJUWb3BNxeupZVCRGIGziImCDInVMZym JG/ZN6d4EwPIwqa0PKsDuBnwgvmoh/eFyvO1QUtBMRy9AKQHLjTEsOKYjoVOD1DBn78S QloTorUphqGtN4fzdpMc2z4iHyk6M/6P/KVtKJXXhdOarwWk0EANn2sakH2g3Y0plC86 QzJg== X-Gm-Message-State: AE9vXwPt2Pni0rycppD4/IBdh0vCBhpP6wrouX9IwjlaWPDbG+XOcYmzGcdUgdEkDP6x+g== X-Received: by 10.55.42.5 with SMTP id q5mr7596678qkh.232.1473471065397; Fri, 09 Sep 2016 18:31:05 -0700 (PDT) Received: from [192.168.1.2] ([129.2.206.174]) by smtp.gmail.com with ESMTPSA id r4sm3689061qkr.28.2016.09.09.18.31.04 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 09 Sep 2016 18:31:04 -0700 (PDT) To: Gregory Maxwell , Bitcoin Protocol Discussion References: From: Andrew C Message-ID: <38df6d39-5c88-9f01-3457-77c882440d42@gmail.com> Date: Fri, 9 Sep 2016 21:31:16 -0400 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-2.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: Re: [bitcoin-dev] Completing the retirement of the alert system X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 10 Sep 2016 01:31:06 -0000 ACK Armory used to contain code for handling these alerts but that was removed after the PR removing alerts from Bitcoin Core was merged. On 9/9/2016 8:42 PM, Gregory Maxwell via bitcoin-dev wrote: > The alert system was a centralized facility to allow trusted parties > to send messages to be displayed in wallet software (and, very early > on, actually remotely trigger the software to stop transacting). > > It has been removed completely in Bitcoin Core after being disabled for= a while. > > While the system had some potential uses, there were a number of > problems with it. > > The alert system was a frequent source of misunderstanding about the > security model and 'effective governance', for example a years ago a > BitcoinJ developer wanted it to be used to control fee levels on the > network and few months back one of Bloq's staff was pushing for a > scheme where "the developers" would use it to remotely change the > difficulty-- apparently with no idea how abhorrent others would find > it. > > The system also had a problem of not being scalable to different > software vendors-- it didn't really make sense that core would have > that facility but armory had to do something different (nor would it > really make sense to constantly have to maintain some list of keys in > the node software). > > It also had the problem of being unaccountable. No one can tell which > of the key holders created a message. This creates a risk of misuse > with a false origin to attack someone's reputation. > > Finally, there is good reason to believe that the key has been > compromised-- It was provided to MTGox by a developer and MTGox's > systems' were compromised and later their CEO's equipment taken by the > Japanese police. > > In any case, it's gone now in Core and most other current software-- > and I think it's time to fully deactivate it. > > I've spent some time going around the internet looking for all > software that contains this key (which included a few altcoins) and > asked them to remove it. I will continue to do that. > > One of the facilities in the alert system is that you can send a > maximum sequence alert which cannot be overridden and displays only a > static key compromise text message and blocks all other alerts. I plan > to send a triggering alert in the not-distant future (exact time to be > announced well in advance) feedback on timing would be welcome. > > There are likely a few production systems that automatically shut down > when there is an alert, so this risks some small one-time disruption > of those services-- but none worse than if an alert were sent to > advise about a new system upgrade. > > At some point after that, I would then plan to disclose this private > key in public, eliminating any further potential of reputation attacks > and diminishing the risk of misunderstanding the key as some special > trusted source of authority. > > Cheers, > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev