On Fri, May 15, 2015 at 10:54 AM, s7r <s7r@sky-ip.org> wrote:

Hello,

How will this exactly be safe against:
a) the malleability of the parent tx (2nd level malleability)

The signature signs everything except the signature itself. The normalized txid doesn't include that signature, so mutations of the signature don't cause the normalized txid to change.

If the refund transaction refers to the parent using the normalised txid, then it doesn't matter if the parent has a mutated signature. The normalized transaction ignores the mutation.

If the parent is mutated, then the refund doesn't even have to be modified, it still refers to it.

If you want a multi-level refund transaction, then all refund transactions must use the normalized txids to refer to their parents. The "root" transaction is submitted to the blockchain and locked down.

b) replays

If there are 2 transactions which are mutations of each other, then only one can be added to the block chain, since the other is a double spend.

The normalized txid refers to all of them, rather than a specific transaction.

If you strip just the scriptSig of the input(s), the txid(s) can still
be mutated (with higher probability before it gets confirmed).

Mutation is only a problem if it occurs after signing. The signature signs everything except the signature itself.

If you strip both the scriptSig of the parent and the txid, nothing can
any longer be mutated but this is not safe against replays.

Correct, but normalized txids are safe against replays, so are better.

I think the new signature opcode fixes things too. The question is hard fork but clean solution vs a soft fork but a little more hassle.