public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Chris Stewart <chris@suredbits.com>
To: Tao Effect <contact@taoeffect.com>
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Updating the Scaling Roadmap
Date: Wed, 12 Jul 2017 14:34:54 -0500	[thread overview]
Message-ID: <CAGL6+mGEBhn3fjTN5APX3kQjEFjGsG_2LEL_LgXiPOP=xoAZuQ@mail.gmail.com> (raw)
In-Reply-To: <26FE0468-7049-4BE0-948F-D5E40FE2CBAC@taoeffect.com>

[-- Attachment #1: Type: text/plain, Size: 4453 bytes --]

Hi Greg,

The safest way to ensure everyone's protection to make sure *no one can do
anything*. Then we will ALL be safe ;).

>If so, please leave, you are compromising Bitcoin's security.

Ok, let's calm down.

>If I design a car that has a button that randomly causes the brakes to
give out if pressed, is that a good idea? Can I justify pushing for such a
"feature" just because it's "opt-in"?

It would be more like "should we allow a car on the road if we know
statistically that our brakes give out in every 1/100,000,000 cars"? There
is security risks with everything in life -- we need to quantify the risk
to see if it is worth taking. I think Paul has been pretty upfront about
the risks of his model. I think you did a good job of demonstrating it in
the email I cited too.

>It is how *insecure* systems are designed.

By your account bitcoin is already insecure then -- it allows anyone can
spend outputs that can be claimed by miners.

>Sure, happy to, as soon as I have it written up in detail.

I look forward to this!

-Chris

On Wed, Jul 12, 2017 at 2:24 PM, Tao Effect <contact@taoeffect.com> wrote:

> Dear Chris,
>
> I think this is an unfair characterization. You have to opt into using
> drivechains.
>
>
> I have heard this nonsense repeated countless times in order to justify
> adopting Drivechain.
>
> This is not how security works.
>
> A child can "opt-in" to using a loaded gun, but is it a good idea to make
> it easy for them to do that?
>
> No.
>
> This is effectively the same thing Drivechains is doing.
>
> It is a request to modify the Bitcoin protocol to make it easy for Bitcoin
> users to give their Bitcoins to miners.
>
> Does that sound like a good idea to anyone?
>
> If so, please leave, you are compromising Bitcoin's security.
>
> Security is about making it difficult to shoot yourself in the face.
>
> If I design a car that has a button that randomly causes the brakes to
> give out if pressed, is that a good idea? Can I justify pushing for such a
> "feature" just because it's "opt-in"?
>
> No. That is fallacy.
>
> It is not how secure systems are designed.
>
> It is how *insecure* systems are designed.
>
> Care to share? I'm unaware if there is.
>
>
> Sure, happy to, as soon as I have it written up in detail.
>
> Kind regards,
> Greg Slepak
>
> --
> Please do not email me anything that you are not comfortable also sharing with
> the NSA.
>
> On Jul 12, 2017, at 12:19 PM, Chris Stewart <chris@suredbits.com> wrote:
>
> Hi Greg,
>
> >Here, you admit that the security of the sidechains allows miners to
> steal bitcoins, something they cannot do currently.
>
> If I put my coins in an anyone can spend output, a miner will take them.
> They can do this today. I suggest you try it if you don't believe me :-).
> You have to be more specific with contract types instead of generically
> talking about 'all contracts ever'.
>
> > Drivechain is an unmistakeable weakening of Bitcoin's security
> guarantees. This you have not denied.
>
> I think this is an unfair characterization. You have to opt into using
> drivechains. Other outputs such as P2PKH/Multisig etc are unaffected by a
> drivechain output. As Pieter Wuille stated earlier in this thread (and Paul
> has stated all along), drivechain outputs have a different security model
> than other contracts. Namely they are controlled by miners. I think we can
> all agree this is unfortunate, but it is the current reality we live in. I
> look forward to the day we can solve the 'ownership' problem so we can have
> trustless interoperable blockchains, but that day is not today.
>
> As a reminder, most users will not have to go through the drivechain
> withdrawal process. Most withdrawals will be done via atomic swaps.
>
> >There is no reason to weaken Bitcoin's security in such a dramatic
> fashion. Better options are being worked on, they just take time.
>
> Care to share? I'm unaware if there is.
>
> >https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-June/014600.
> html
>
> Everyone should re-read this email though, this is something that could
> happen. Paul's design makes it so that if this occurs it is *VERY* obvious.
> I guess we can argue if there is any difference between an obvious robbery
> vs a hidden robbery, but I think if we have to pick one or the other the
> choice is clear to me. Other designs (that I'm aware of) for sidechains had
> attack vectors that weren't so obvious.
>
> -Chris
>
>
>
>
>

[-- Attachment #2: Type: text/html, Size: 7769 bytes --]

  reply	other threads:[~2017-07-12 19:34 UTC|newest]

Thread overview: 57+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-07-10 16:50 [bitcoin-dev] Updating the Scaling Roadmap Paul Sztorc
2017-07-11 16:03 ` Chris Stewart
2017-07-11 16:49   ` Adam Back
2017-07-11 20:01   ` Pieter Wuille
2017-07-11 20:36     ` Paul Sztorc
2017-07-11 21:40       ` Pieter Wuille
2017-07-11 22:49         ` Paul Sztorc
2017-07-11 21:16     ` CryptAxe
2017-07-11 20:18   ` Paul Sztorc
2017-07-11 21:31     ` Gregory Maxwell
2017-07-11 22:27       ` Paul Sztorc
2017-07-11 21:11 ` Gregory Maxwell
2017-07-11 21:40   ` Gregory Maxwell
2017-07-11 22:17   ` Paul Sztorc
2017-07-11 22:41     ` Tao Effect
2017-07-11 22:57       ` Paul Sztorc
2017-07-11 23:12         ` Tao Effect
2017-07-12  0:21           ` Paul Sztorc
2017-07-12  7:27             ` Jacob Eliosoff
2017-07-12 19:19           ` Chris Stewart
2017-07-12 19:24             ` Tao Effect
2017-07-12 19:34               ` Chris Stewart [this message]
2017-07-12 19:42                 ` Tao Effect
2017-07-12 19:54                   ` CryptAxe
2017-07-12 21:55                     ` Tao Effect
2017-07-12 22:07                       ` CryptAxe
2017-07-11 23:36     ` Bryan Bishop
2017-07-12  0:07     ` Gregory Maxwell
2017-07-12  1:40       ` Paul Sztorc
2017-07-12  2:48         ` Bryan Bishop
2017-07-12  3:33         ` Gregory Maxwell
2017-07-12  6:17           ` [bitcoin-dev] how to disable segwit in my build? Dan Libby
2017-07-13  1:04             ` Gregory Maxwell
2017-07-13 13:11               ` Federico Tenga
2017-07-13 13:39                 ` Hampus Sjöberg
2017-07-13 16:19                   ` Dan Libby
2017-07-13 16:35                     ` Jameson Lopp
2017-07-13 21:58                       ` Dan Libby
2017-07-13 22:50                         ` Hampus Sjöberg
2017-07-13 23:20                           ` Dan Libby
2017-07-14  8:52                             ` Hampus Sjöberg
2017-07-14  9:03                             ` Tier Nolan
2017-07-13 23:19                         ` Lucas Clemente Vella
2017-07-13 16:05               ` Dan Libby
2017-07-14 21:11               ` Troy Benjegerdes
2017-07-13  1:48             ` Anthony Towns
2017-07-13 16:13               ` Dan Libby
2017-07-12  1:22   ` [bitcoin-dev] Updating the Scaling Roadmap Karl Johan Alm
2017-07-12  9:37     ` Tom Zander
2017-07-12  9:02   ` Tom Zander
2017-07-11 23:28 ` Anthony Towns
2017-07-17 17:13 ` [bitcoin-dev] Updating the Scaling Roadmap [Update] Paul Sztorc
2017-07-17 18:49   ` Alex Morcos
2017-07-17 20:13     ` Paul Sztorc
2017-07-17 21:50     ` Peter Todd
     [not found]   ` <20170717214704.ksegcrdqf3zeslah@fedora-23-dvm>
2017-07-17 22:04     ` Paul Sztorc
2017-07-11 22:26 [bitcoin-dev] Updating the Scaling Roadmap Steve Davis

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAGL6+mGEBhn3fjTN5APX3kQjEFjGsG_2LEL_LgXiPOP=xoAZuQ@mail.gmail.com' \
    --to=chris@suredbits.com \
    --cc=bitcoin-dev@lists.linuxfoundation.org \
    --cc=contact@taoeffect.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox