From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193] helo=mx.sourceforge.net) by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1WDkSP-0005Kk-2u for bitcoin-development@lists.sourceforge.net; Thu, 13 Feb 2014 00:47:13 +0000 Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.217.177 as permitted sender) client-ip=209.85.217.177; envelope-from=gmaxwell@gmail.com; helo=mail-lb0-f177.google.com; Received: from mail-lb0-f177.google.com ([209.85.217.177]) by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1WDkSO-0002Au-Ab for bitcoin-development@lists.sourceforge.net; Thu, 13 Feb 2014 00:47:13 +0000 Received: by mail-lb0-f177.google.com with SMTP id 10so6077291lbg.8 for ; Wed, 12 Feb 2014 16:47:05 -0800 (PST) MIME-Version: 1.0 X-Received: by 10.112.236.3 with SMTP id uq3mr31510336lbc.14.1392252425707; Wed, 12 Feb 2014 16:47:05 -0800 (PST) Received: by 10.112.198.34 with HTTP; Wed, 12 Feb 2014 16:47:05 -0800 (PST) In-Reply-To: References: <52FBD948.906@monetize.io> <201402122252.31060.luke@dashjr.org> Date: Wed, 12 Feb 2014 16:47:05 -0800 Message-ID: From: Gregory Maxwell To: Alex Morcos Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -1.6 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (gmaxwell[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1WDkSO-0002Au-Ab Cc: Bitcoin Development Subject: Re: [Bitcoin-development] [RFC] [BIP proposal] Dealing with malleability X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Feb 2014 00:47:13 -0000 On Wed, Feb 12, 2014 at 4:39 PM, Alex Morcos wrote: > I apologize if this has been discussed many times before. It has been, but there are probably many people like you who have not bothered researching who may also be curious. > As a long term solution to malleable transactions, wouldn't it be possibl= e > to modify the signatures to be of the entire transaction. Why do you hav= e > to zero out the inputs? I can see that this would be a hard fork, and ma= ybe > it would be somewhat tricky to extract signatures first (since you can si= gn > everything except the signatures), but it would seem to me that this is a= n > important enough change to consider making. Because doing so would be both unnecessary and ineffective. Unnecessary because we can very likely eliminate malleability without changing what is signed. It will take time, but we have been incrementally moving towards that, e.g. v0.8 made many kinds of non-canonical encoding non-standard. Ineffective=E2=80=94 at least as you describe it=E2=80=94 because the signa= tures _themselves_ are malleable.