From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 5AF233EE for ; Wed, 21 Oct 2015 19:27:55 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-io0-f177.google.com (mail-io0-f177.google.com [209.85.223.177]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id D4C2B90 for ; Wed, 21 Oct 2015 19:27:54 +0000 (UTC) Received: by iow1 with SMTP id 1so68790221iow.1 for ; Wed, 21 Oct 2015 12:27:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=HXNHY6BAEAOXmQqMOcs4Fqko8WBVJEwq1D+TaDmpBgc=; b=jStWzNlDuZKd74pJ8zXKHN2ELoemjL633EBkLhD8G6RmPWxXlGO3OJRr1lisH+voGV WOfhqXPNIoQhIT8u5xsIpeprCbDitYfUzEvXLypDXmgYPicN7xAU38+BBy4g8GXZGSWZ xyXicz+Hed2XWw/eU0HEu7zYrze83Ltp4x7I409Ej1ee+k0XZCdtfeWRn8VqJBuVQovn 2d3cuGbL32U+Y2cD3eBFG098MvtO6KGdk8QaFYFAFTiW9lypcCbPnhntDeE8LWVl39Du g9ZOvmwgu01T657mAe1W1xHKdNA+FBu5sesQgJ4SSXBVp8k0/FSQcIiT0TsqXUL6oQnj DXKA== MIME-Version: 1.0 X-Received: by 10.107.30.78 with SMTP id e75mr12697094ioe.150.1445455674303; Wed, 21 Oct 2015 12:27:54 -0700 (PDT) Received: by 10.107.23.197 with HTTP; Wed, 21 Oct 2015 12:27:54 -0700 (PDT) In-Reply-To: References: <201510210839.42420.luke@dashjr.org> <201510210846.43988.luke@dashjr.org> Date: Wed, 21 Oct 2015 19:27:54 +0000 Message-ID: From: Gregory Maxwell To: Danny Thorpe Content-Type: text/plain; charset=UTF-8 X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Cc: Bitcoin Dev Subject: Re: [bitcoin-dev] [BIP] Normalized transaction IDs X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Development Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Oct 2015 19:27:55 -0000 On Wed, Oct 21, 2015 at 6:22 PM, Danny Thorpe via bitcoin-dev wrote: > outputs) seems like quite a different hazard than a malicious third party > modifying a transaction in the mempool by twiddling opcodes in the signature > scripts. The former seems like more a matter of keeping your own house in Indeed they are different, but canonical encoding enforcement prevents the third party malleability completely on ordinary transactions. It is an an _immediate_ solution which is already deployed as a standardness rule-- once miners update to 0.11.1 or 0.10.3 (or equivalent) only miners will be able to malleable ordinary payments, to the best of our current understanding. [snip] > proposal. Baby steps. Normalized transaction IDs provide an immediate > benefit against the hazard of third party manipulation of transactions in > the mempool, even without canonical ordering. The thing being discussed here does not provide an immediate benefit to that particular issue. It addresses multistep contracts and other cases. But it does not prevent third party mutation until people change their public keys to new scheme (which based on p2sh we should expect a well over a year deployment), which they cannot being doing until a soft fork is made and settled in the network, for which the code is not yet written. CLTV suggests that the current timeframe for a soft fork is around a year and though I'd like to see that improved. So canonical encoding is both sufficient (to the best of our current understanding) for preventing third party malleability on ordinary transactions, and the _only_ option for to have an actually immediate benefit. Please don't mix up third party malleability with this work which is important in its own right.