Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] helo=mx.sourceforge.net) by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1Z17ro-0005FT-IJ for bitcoin-development@lists.sourceforge.net; Sat, 06 Jun 2015 06:46:04 +0000 Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of ozlabs.org designates 103.22.144.67 as permitted sender) client-ip=103.22.144.67; envelope-from=rusty@ozlabs.org; helo=ozlabs.org; Received: from ozlabs.org ([103.22.144.67]) by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.76) id 1Z17rm-0007iV-MC for bitcoin-development@lists.sourceforge.net; Sat, 06 Jun 2015 06:46:04 +0000 Received: by ozlabs.org (Postfix, from userid 1011) id 792AE1401F6; Sat, 6 Jun 2015 16:45:55 +1000 (AEST) From: Rusty Russell To: Mark Friedenbach In-Reply-To: References: <87k2vhfnx9.fsf@rustcorp.com.au> User-Agent: Notmuch/0.17 (http://notmuchmail.org) Emacs/24.4.1 (x86_64-pc-linux-gnu) Date: Sat, 06 Jun 2015 16:14:07 +0930 Message-ID: <87h9qlfia0.fsf@rustcorp.com.au> MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -0.8 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay domain -0.0 SPF_PASS SPF: sender matches SPF record 0.7 AWL AWL: Adjusted score from AWL reputation of From: address X-Headers-End: 1Z17rm-0007iV-MC Cc: Bitcoin Development Subject: Re: [Bitcoin-development] [RFC] Canonical input and output ordering in transactions X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 06 Jun 2015 06:46:04 -0000 Mark Friedenbach writes: > Rusty, this doesn't play well with SIGHASH_SINGLE which is used in > assurance contracts among other things. Sometimes the ordering is set by > the signing logic itself... Ah, I forgot about that particular wart. Yech. Implies that you can order inputs or outputs, not both. Something like "outputs must be in order, inputs which do not CHECK(MULTI)SIG_(VERIFY) a SIGHASH_SINGLE sig must be in order with respect to each other". But that's much less trivial since it implies script evaluation. In other news, I noticed Kristov Atlas's concurrent proposal just after I posted this (via reddit). He used far more words, but didn't note this issue either AFAICT. Thanks! Rusty.