public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: odinn <odinn.cyberguerrilla@riseup.net>
To: jl2012@xbt.hk, "Jonathan Toomim (Toomim Bros)" <j@toom.im>
Cc: Bitcoin Dev <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Let's deploy BIP65 CHECKLOCKTIMEVERIFY!
Date: Tue, 29 Sep 2015 19:54:41 +0000	[thread overview]
Message-ID: <560AEC81.8040903@riseup.net> (raw)
In-Reply-To: <5e90be1b8f85cd46ed20eae84c062702@xbt.hk>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hello, (see my remarks below)

jl2012 via bitcoin-dev:
> Jonathan Toomim (Toomim Bros) via bitcoin-dev 於 2015-09-29 09:30 寫
> 到:
>> SPV clients will appear to behave normally, and will continue to
>> show new transactions and get confirmations in a timely fashion.
>> However, they will be systematically susceptible to attack from
>> double-spends that attempt to spend funds in a way that the
>> upgraded nodes will reject. These transactions will appear to
>> get 1 confirmation, then regress to zero conf, every single time.
>> These attacks can be performed for as long as someone mines with
>> the old version.
> 
> 1. Who told you to accept 1-confirmation tx? Satoshi recommended 6 
> confirmations in the whitepaper. Take your own risk if you do not
> follow his advice.
> 
> 2. This is true only if your SPV client naively follows the
> longest chain without even looking at the block version. This might
> be good enough for the 1st generation SPV client, but future
> generations should at least have basic fraud detecting mechanism.
> 
> 

Regarding "basic fraud detecting mechanism" of which you speak, being
as I personally enjoy SPV for the time being (Electrum), and I know
that people will continue to keep using SPV wallets because they are
light and handy, I think that you make a good point that "basic fraud
detecting mechanism" is needed, but how to verify that such a
mechanism in an SPV wallet is good, and/or that the software and
version information provided by the server admins via the banner is
valid (being as it's not validated)?  I have made a thread on this
conundrum.  Which is posted here if you are interested.

https://bitcointalk.org/index.php?topic=1157545.0

So as to avoid repeating stuff please read whole thead before
answering in it or posting back to list.  It seems that there are
definitely unanswered questions...

I may open this up as an issue on https://github.com/spesmilo/electrum
about this stuff, but I wanted to post comment here also, for the record
.


> 
>> If an attacker thinks he could get more than 25 BTC of 
>> double-spends per block, he might even choose to mine with the 
>> obsolete version in order to get predictable orphans and to trick
>> SPV clients and fully verifying wallets on the old version.
> 
> This point is totally irrelevant. No matter there is a softfork or
> not, SPV users are always vulnerable to such double-spending attack
> if they blindly follow the longest chain AND accept 1-confirmation.
> The fiat currency system might be safer for them. 
> _______________________________________________ bitcoin-dev mailing
> list bitcoin-dev@lists.linuxfoundation.org 
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

- -- 
http://abis.io ~
"a protocol concept to enable decentralization
and expansion of a giving economy, and a new social good"
https://keybase.io/odinn
-----BEGIN PGP SIGNATURE-----

iQEcBAEBCgAGBQJWCuyBAAoJEGxwq/inSG8CtpAH/R6N1QYzMFWPo75RsP46VYbi
k33QbsbhlEznEEWX/ayKEzmnbt7DkXFXQtesuabongFr9UpwxED0OGQJztyRz5NC
iS8ty+Kfi9/Aq/e79A6IPSYfRCPB1w+oP/cEsV/LB4BPkut2mdpMbdwDZ3TQuLRq
LnFLmz8tY+CUqSbyrPUx/FKJ7ZbQsAlammMTKoUYaAYRytDBPzW4PdYtTyrK2QTK
jjt11n5U8ShmXdsCo/E0pWVbggQlhFgrCoIYjGNfmDyK/eYaskD5O6czIdqd5WPs
P+2zMC1Cukkr5l8BQXiSedVXGpMyaYhMgWB7MD6sNDIAE9IFbfEpkse/Ek4aJII=
=Ud4C
-----END PGP SIGNATURE-----


  reply	other threads:[~2015-09-29 19:54 UTC|newest]

Thread overview: 101+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-09-27 18:50 [bitcoin-dev] Let's deploy BIP65 CHECKLOCKTIMEVERIFY! Peter Todd
2015-09-27 20:26 ` jl2012
2015-09-27 20:27   ` Peter Todd
2015-09-27 20:27 ` Mark Friedenbach
2015-09-27 20:41 ` Btc Drak
2015-09-28 10:10 ` s7r
2015-09-28 10:48 ` Mike Hearn
2015-09-28 11:00   ` Adam Back
2015-09-28 11:40     ` Mike Hearn
2015-09-28 12:20       ` Eric Lombrozo
2015-09-28 12:26         ` Mike Hearn
2015-09-28 12:44           ` Eric Lombrozo
2015-09-28 12:54             ` Mike Hearn
2015-09-29  6:17               ` Eric Lombrozo
2015-09-29 12:02                 ` Mike Hearn
2015-09-28 14:05       ` Btc Drak
2015-09-28 14:17         ` Mike Hearn
2015-09-28 21:12     ` odinn
2015-09-28 22:16       ` Dave Scotese
2015-09-28 11:04   ` Eric Lombrozo
2015-09-28 12:47   ` Tier Nolan
2015-09-28 13:01   ` Gavin Andresen
2015-09-28 13:28     ` Peter Todd
2015-09-28 13:43       ` Gavin Andresen
2015-09-28 14:14         ` Peter Todd
2015-09-28 13:21   ` Peter Todd
2015-09-28 13:41     ` Mike Hearn
2015-09-28 14:29       ` Peter Todd
2015-09-28 14:33         ` Mike Hearn
2015-09-28 14:43           ` Peter Todd
2015-09-28 14:51             ` Mike Hearn
2015-09-28 15:05               ` Peter Todd
2015-09-28 15:38                 ` Mike Hearn
2015-09-28 16:52                   ` jl2012
2015-09-28 17:14                     ` Mike Hearn
2015-09-28 23:17                       ` Jorge Timón
2015-09-29 12:07                         ` Mike Hearn
2015-09-29 15:09                           ` [bitcoin-dev] Why soft-forks? was: " Santino Napolitano
2015-09-29 13:30             ` [bitcoin-dev] " Jonathan Toomim (Toomim Bros)
2015-09-29 15:59               ` jl2012
2015-09-29 19:54                 ` odinn [this message]
2015-09-29 18:31   ` Gregory Maxwell
2015-09-30 17:11     ` Mike Hearn
2015-09-30 17:58       ` Jorge Timón
2015-10-01 14:23         ` Tom Harding
2015-09-30 18:15       ` Adam Back
2015-09-30 19:26       ` Jeff Garzik
2015-09-30 19:56         ` Mike Hearn
2015-09-30 20:37           ` Jorge Timón
2015-09-30 21:06             ` Mike Hearn
2015-09-30 22:14               ` Jorge Timón
2015-10-01  0:11                 ` Jorge Timón
2015-09-30 22:17           ` Jeff Garzik
2015-09-30 23:25             ` Gregory Maxwell
2015-09-30 20:15       ` Gregory Maxwell
2015-09-30 21:01         ` Mike Hearn
2015-09-30 22:59           ` Gregory Maxwell
2015-10-01  4:08           ` [bitcoin-dev] Crossing the line? [Was: Re: Let's deploy BIP65 CHECKLOCKTIMEVERIFY!] Tao Effect
2015-10-01 16:39             ` Jeff Garzik
2015-10-01 20:17               ` Milly Bitcoin
2015-10-02 12:23               ` Mike Hearn
2015-10-02 13:14                 ` jl2012
2015-10-02 14:10                   ` Marcel Jamin
2015-10-02 16:37                 ` Gregory Maxwell
2015-10-07 15:00     ` [bitcoin-dev] Let's deploy BIP65 CHECKLOCKTIMEVERIFY! Anthony Towns
2015-10-07 15:46       ` Jonathan Toomim (Toomim Bros)
2015-10-07 16:02         ` Eric Lombrozo
2015-10-07 16:25           ` Eric Lombrozo
2015-10-07 16:26           ` Jonathan Toomim (Toomim Bros)
2015-10-07 16:38         ` Anthony Towns
2015-10-10  7:23       ` Anthony Towns
2015-10-12  7:02       ` digitsu
2015-10-12 16:33         ` Anthony Towns
2015-10-12 17:06         ` Anthony Towns
2015-10-13  0:08           ` digitsu
2015-09-29 20:03 ` Wladimir J. van der Laan
2015-09-30  4:05   ` Rusty Russell
2015-09-30  6:19     ` Adam Back
2015-09-30 12:30       ` Mike Hearn
2015-09-30 15:55         ` Jorge Timón
2015-09-30 19:17           ` John Winslow
2015-10-01  0:06             ` Rusty Russell
2015-09-30 17:14         ` Adam Back
2015-10-01  0:04       ` Rusty Russell
2015-10-02  1:57 NotMike Hearn
2015-10-02  2:12 ` GC
2015-10-05 10:59   ` Mike Hearn
2015-10-05 11:23     ` Jeff Garzik
2015-10-05 11:28       ` Mike Hearn
2015-10-05 12:04         ` Jorge Timón
2015-10-05 12:08           ` Clément Elbaz
2015-10-05 12:16             ` Jorge Timón
2015-10-05 12:29               ` Clément Elbaz
2015-10-05 15:42                 ` Jorge Timón
2015-10-05 12:10           ` Mike Hearn
2015-10-05 15:33             ` Jorge Timón
2015-10-05 16:46               ` Mike Hearn
2015-10-06  6:20                 ` Anthony Towns
2015-10-07  6:13                 ` Micha Bailey
2015-10-05 13:29   ` Jorge Timón
2015-10-05 13:24 ` Jorge Timón

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=560AEC81.8040903@riseup.net \
    --to=odinn.cyberguerrilla@riseup.net \
    --cc=bitcoin-dev@lists.linuxfoundation.org \
    --cc=j@toom.im \
    --cc=jl2012@xbt.hk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox