From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <54BFFE30.8010105@bitcoinarmory.com>
Date: Wed, 21 Jan 2015 14:29:52 -0500
From: Douglas Roark
To: Bitcoin Dev
Subject: Re: [Bitcoin-development] [softfork proposal] Strict DER signatures

On 2015/1/20 19:35, Pieter Wuille wrote:
> Hello everyone,
> Comments/criticisms are very welcome, but I'd prefer keeping the
> discussion here on the mailinglist (which is more accessible than
> on the gist).

Nice paper, Pieter. I do have a bit of feedback.

1) The first sentence of "Deployment" has a typo. "We reuse the double-threshold switchover mechanism from BIP 34, with the same *thresholds*, [....]"

2) I think the handling of the sighash byte in the comments of IsDERSignature() could use a little tweaking. If you look at CheckSignatureEncoding() in the actual code (src/script/interpreter.cpp in master), it's clear that the sighash byte is included as part of the signature struct, even though it's not part of the actual DER encoding being checked by IsDERSignature(). This is fine. I just think that the code comments in the paper ought to make this point clearer, either in the sighash description, or as a comment when checking the sig size (i.e., size-3 is valid because sighash is included), or both.

3) The paper says a sig with size=0 is correctly coded but is neither valid nor DER. Perhaps this code should be elsewhere in the Bitcoin code? It seems to me that letting a sig pass in IsDERSignature() when it's not actually DER-encoded is incorrect.

Thanks.

---
Douglas Roark
Senior Developer
Armory Technologies, Inc.
doug@bitcoinarmory.com
PGP key ID: 92ADC0D7
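
Points 2 and 3 of the message above, shown as an added example that is not part of the original e-mail and is not code from the paper or from Bitcoin Core: a strict DER check over a buffer that carries the trailing sighash byte, with the empty-signature allowance kept in a separate caller. The names IsStrictDERWithSighash and EncodingAcceptable are hypothetical, and the sample byte strings are constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

using Bytes = std::vector<uint8_t>;

// Buffer layout: 0x30 [total-len] 0x02 [R-len] [R] 0x02 [S-len] [S] [sighash]
// The trailing sighash byte is not DER, but it is part of the buffer checked.
bool IsStrictDERWithSighash(const Bytes& sig) {
    // 9 = 6 framing bytes + 1-byte R + 1-byte S + sighash; 73 allows 33-byte R and S.
    if (sig.size() < 9 || sig.size() > 73) return false;
    if (sig[0] != 0x30) return false;
    // total-len excludes the 0x30 tag, the length byte itself and the sighash
    // byte: this is why the comparison is against size - 3, not size - 2.
    const size_t total = sig[1];
    if (total != sig.size() - 3) return false;
    const size_t lenR = sig[3];
    if (5 + lenR >= sig.size()) return false;   // S-len must lie inside the buffer
    const size_t lenS = sig[5 + lenR];
    if (lenR + lenS + 7 != sig.size()) return false;  // 6 framing bytes + sighash
    if (sig[2] != 0x02 || lenR == 0) return false;
    if (sig[4] & 0x80) return false;            // negative R
    if (lenR > 1 && sig[4] == 0x00 && !(sig[5] & 0x80)) return false;  // padded R
    if (sig[lenR + 4] != 0x02 || lenS == 0) return false;
    if (sig[lenR + 6] & 0x80) return false;     // negative S
    if (lenS > 1 && sig[lenR + 6] == 0x00 && !(sig[lenR + 7] & 0x80)) return false;
    return true;
}

// Hypothetical caller: the empty signature is accepted here as a policy
// exception, so the DER check above never reports a non-DER input as DER.
bool EncodingAcceptable(const Bytes& sig) {
    return sig.empty() || IsStrictDERWithSighash(sig);
}

// Constructed sample inputs (not real signatures).
const Bytes kMinimal   = {0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x01};
const Bytes kNoSighash = {0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01};
const Bytes kPaddedR   = {0x30, 0x07, 0x02, 0x02, 0x00, 0x01, 0x02, 0x01, 0x01, 0x01};

int main() {
    std::printf("minimal=%d no_sighash=%d padded_R=%d empty_der=%d empty_ok=%d\n",
                IsStrictDERWithSighash(kMinimal), IsStrictDERWithSighash(kNoSighash),
                IsStrictDERWithSighash(kPaddedR), IsStrictDERWithSighash(Bytes{}),
                EncodingAcceptable(Bytes{}));
    return 0;
}
```

kNoSighash is a well-formed DER structure on its own, yet it fails the check because the length arithmetic assumes the extra sighash byte is present.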