From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192] helo=mx.sourceforge.net) by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1WICXQ-0001zc-IM for bitcoin-development@lists.sourceforge.net; Tue, 25 Feb 2014 07:34:48 +0000 Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.220.180 as permitted sender) client-ip=209.85.220.180; envelope-from=namanhd@gmail.com; helo=mail-vc0-f180.google.com; Received: from mail-vc0-f180.google.com ([209.85.220.180]) by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1WICXP-0002ZP-EP for bitcoin-development@lists.sourceforge.net; Tue, 25 Feb 2014 07:34:48 +0000 Received: by mail-vc0-f180.google.com with SMTP id ks9so6854884vcb.39 for ; Mon, 24 Feb 2014 23:34:42 -0800 (PST) MIME-Version: 1.0 X-Received: by 10.58.252.8 with SMTP id zo8mr35446vec.55.1393313681959; Mon, 24 Feb 2014 23:34:41 -0800 (PST) Received: by 10.221.49.8 with HTTP; Mon, 24 Feb 2014 23:34:41 -0800 (PST) In-Reply-To: <20140225044116.GA28050@savin> References: <20140225044116.GA28050@savin> Date: Tue, 25 Feb 2014 13:04:41 +0530 Message-ID: From: naman naman To: Peter Todd Content-Type: multipart/alternative; boundary=047d7b6d8e6012f04004f3361f0b X-Spam-Score: -0.6 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (namanhd[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 1.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1WICXP-0002ZP-EP Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] Fee drop X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Feb 2014 07:34:48 -0000 --047d7b6d8e6012f04004f3361f0b Content-Type: text/plain; charset=ISO-8859-1 I quite agree with Peter, anything that can be exploited will be exploited, just like malleability was. On Tue, Feb 25, 2014 at 10:11 AM, Peter Todd wrote: > So, just to be clear, we're adding, say, a memory limited mempool or > something prior to release so this fee drop doesn't open up an obvious > low-risk DDoS exploit.... right? As we all know, the network bandwidth > DoS attack mitigation strategy relies on transactions we accept to > mempools getting mined, and the clearance rate of the new low-fee > transactions is going to be pretty small; we've already had problems in > the past with mempool growth in periods of high demand. Equally it > should be obvious to people how you can create large groups of low-fee > transactions, and then cheaply double-spend them with higher fee > transactions to suck up network bandwidth - just like I raised for the > equally foolish double-spend propagation pull-req. > > Of course, there's also the problem that we're basically lying to people > about whether or not Bitcoin is a good medium for microtransactions. > It's not. Saying otherwise by releasing software that has known and > obvious DoS attack vulnerabilities that didn't exist in the previous > version is irresponsible on multiple levels. > > -- > 'peter'[:-1]@petertodd.org > 0000000000000000b28e2818c4d8019fb71e33ec2d223f5e09394a89caccf4e2 > > > ------------------------------------------------------------------------------ > Flow-based real-time traffic analytics software. Cisco certified tool. > Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer > Customize your own dashboards, set traffic alerts and generate reports. > Network behavioral analysis & security monitoring. All-in-one tool. > > http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk > _______________________________________________ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > > --047d7b6d8e6012f04004f3361f0b Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable
I quite agree with Peter, anything that can be exploited w= ill be exploited, just like malleability was.


On Tue, Feb 25, 2014 at 10:11 AM, Pet= er Todd <pete@petertodd.org> wrote:
So, just to be clear, we're adding, say,= a memory limited mempool or
something prior to release so this fee drop doesn't open up an obvious<= br> low-risk DDoS exploit.... right? As we all know, the network bandwidth
DoS attack mitigation strategy relies on transactions we accept to
mempools getting mined, and the clearance rate of the new low-fee
transactions is going to be pretty small; we've already had problems in=
the past with mempool growth in periods of high demand. Equally it
should be obvious to people how you can create large groups of low-fee
transactions, and then cheaply double-spend them with higher fee
transactions to suck up network bandwidth - just like I raised for the
equally foolish double-spend propagation pull-req.

Of course, there's also the problem that we're basically lying to p= eople
about whether or not Bitcoin is a good medium for microtransactions.
It's not. Saying otherwise by releasing software that has known and
obvious DoS attack vulnerabilities that didn't exist in the previous version is irresponsible on multiple levels.

--
'peter'[:-1]@pet= ertodd.org
0000000000000000b28e2818c4d8019fb71e33ec2d223f5e09394a89caccf4e2

---------------------------------------------------------= ---------------------
Flow-based real-time traffic analytics software. Cisco certified tool.
Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer
Customize your own dashboards, set traffic alerts and generate reports.
Network behavioral analysis & security monitoring. All-in-one tool.
http://pubads.g.doubleclick.net/gam= pad/clk?id=3D126839071&iu=3D/4140/ostg.clktrk
__________________= _____________________________
Bitcoin-development mailing list
Bitcoin-develo= pment@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-de= velopment


--047d7b6d8e6012f04004f3361f0b--