1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
|
Return-Path: <btcdrak@gmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id CA546959
for <bitcoin-dev@lists.linuxfoundation.org>;
Mon, 17 Oct 2016 13:13:46 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-yw0-f176.google.com (mail-yw0-f176.google.com
[209.85.161.176])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 0A150126
for <bitcoin-dev@lists.linuxfoundation.org>;
Mon, 17 Oct 2016 13:13:46 +0000 (UTC)
Received: by mail-yw0-f176.google.com with SMTP id t192so115151830ywf.0
for <bitcoin-dev@lists.linuxfoundation.org>;
Mon, 17 Oct 2016 06:13:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
h=mime-version:in-reply-to:references:from:date:message-id:subject:to;
bh=/N7W9kCiZTHqMHNK/PZKCQe+C9kjfTI8hJHvNMPqPjU=;
b=d60XG2ZaJlXFH337wtktVXRtt1hwZ3GT1YDxDg2jvMdE/tRWCArNI4wioSYwl5yHuZ
fArAcisOfQvx9KaTsyHQQGvFuK7CssOPkUVFxbSKRD1rUPWZlcrf0zl10l9CZab8VMCY
zMxPwtHK6mS0YON76fRqgbuW0Vw5+UAZ7/OC+DOHQBXhZ4Olh81rtqOQkuoL3W0AkDMH
nexdXjCrnEWL3AyoUOK8+6IOfmtqnxQ3e+DhIiVFxqb1ysFdLDFuaWgVzbQLoioXMQdN
XU9RMmIn4act2dNZtufjPwht71BcSDrR4RDrm+lUaosHm5O2EA7KZmcVrwhFdd9unuGW
BuHw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20130820;
h=x-gm-message-state:mime-version:in-reply-to:references:from:date
:message-id:subject:to;
bh=/N7W9kCiZTHqMHNK/PZKCQe+C9kjfTI8hJHvNMPqPjU=;
b=fb5qdYKkB4DyVstsKUtZ9fRrKwGI5Kj8bFkwwPzvumNBbEia3ExjpBiswy+z2V3qsx
tfxuusRga31/TFDFqjGZoE+RJANEces9WjGKj3AWFFmsQS73u0cLE8DvM4wROBhQdGDA
yyo1lD3pSOUKmRoMbBEOL67HiYBAvmTJZIEhvv2neJS+tZpZskNsBMVoPO+TXZNC2LrY
G4OuXgLj2zmi7qcIifFQiQgg0dH4ITZ/JFSZRaLGciYhvXwSr/uUouqhhSxz6R1Nb5wH
VsJchNbuitP6gAo6MjAZowv2RSjsVu9HITdovnSUDuo9Ars/jH/HKB8tZn7UbRIe+P5L
w0DQ==
X-Gm-Message-State: AA6/9RlyxbyQAdup2RXVUJQC66/eczBoGsb6QwMGgkMnGMGVc9iHWDd/ioLKrXE7a5FkBU6rcpq1N61jvOymbA==
X-Received: by 10.13.202.79 with SMTP id m76mr22712722ywd.251.1476710025339;
Mon, 17 Oct 2016 06:13:45 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.129.167.74 with HTTP; Mon, 17 Oct 2016 06:13:25 -0700 (PDT)
In-Reply-To: <3326159.7vNQY8OkXt@strawberry>
References: <CAPg+sBjdyJ297-GZvVc-wQwCEX-cRAGTNWDd92SgVzdCcD_ZMw@mail.gmail.com>
<2034434.4WpKWoeOrB@strawberry> <5803D698.2080102@mattcorallo.com>
<3326159.7vNQY8OkXt@strawberry>
From: Btc Drak <btcdrak@gmail.com>
Date: Mon, 17 Oct 2016 14:13:25 +0100
Message-ID: <CADJgMzu_0_W5X_+00Rfx=LC88nGcc4Qn9yGU7GEMKic_Sob1LA@mail.gmail.com>
To: Tom Zander <tomz@freedommail.ch>,
Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Content-Type: multipart/alternative; boundary=001a114f17807f2f00053f0f58cd
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, HK_RANDOM_ENVFROM,
HTML_MESSAGE, RCVD_IN_DNSWL_NONE autolearn=no version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
X-Mailman-Approved-At: Mon, 17 Oct 2016 13:15:47 +0000
Subject: Re: [bitcoin-dev] (no subject)
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Oct 2016 13:13:46 -0000
--001a114f17807f2f00053f0f58cd
Content-Type: text/plain; charset=UTF-8
For continuity, Matt took the discussion to the bitcoin-discuss lists here
https://lists.linuxfoundation.org/pipermail/bitcoin-discuss/2016-October/000104.html
On Sun, Oct 16, 2016 at 9:45 PM, Tom Zander via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:
> On Sunday, 16 October 2016 19:35:52 CEST Matt Corallo wrote:
> > You keep calling flexible transactions "safer", and yet you haven't
> > mentioned that the current codebase is riddled with blatant and massive
> > security holes.
>
> I am not afraid of people finding issues with my code, I'm only human.
> Would
> appreciate you reporting actual issues instead of hinting at things here.
> Can't fix things otherwise :)
>
> But, glad you brought it up, the reason that FT is safer is because of the
> amount of conceps that SegWit changes in a way that anyone doing
> development
> on Bitcoin later will need to know about them in order to do proper
> development.
> I counted 10 in my latest vlog entry. FT only changes 2.
>
> Its safer because its simpler.
>
> > For example, you seem to have misunderstood C++'s memory
> > model - you would have no less than three out-of-bound, probably
> > exploitable memory accesses in your 80-LoC deserialize method at
> > https://github.com/bitcoinclassic/bitcoinclassic/
> blob/develop/src/primitiv
> > es/transaction.cpp#L119 if you were to turn on flexible transactions (and
> > I only reviewed that method for 2 minutes).
>
> The unit test doesn't hit any of them. Valgrind only reports such possibly
> exploitable issues in secp256k and CKey::MakeNewKey. The same as in Core.
>
> I don't doubt that your 2 minute look shows stuff that others missed, and
> that valgrind doesn't find either, but I'd be really grateful if you can
> report them specifically to me in an email off list (or github, you know
> the
> drill).
> More feedback will only help to make the proposal stronger and even better.
> Thanks!
>
> > If you want to propose an
> > alternative to a community which has been in desperate need of fixes to
> > many problems for several years, please do so with something which would
> > not take at least a year to complete given a large team of qualified
> > developers.
>
> I think FT fits the bill just fine :) After your 2 minute look, take a bit
> longer and check the rest of the code. You may be surprised with the
> simplicity of the approach.
> --
> Tom Zander
> Blog: https://zander.github.io
> Vlog: https://vimeo.com/channels/tomscryptochannel
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
--001a114f17807f2f00053f0f58cd
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">For continuity, Matt took the discussion to the bitcoin-di=
scuss lists here=C2=A0<a href=3D"https://lists.linuxfoundation.org/pipermai=
l/bitcoin-discuss/2016-October/000104.html">https://lists.linuxfoundation.o=
rg/pipermail/bitcoin-discuss/2016-October/000104.html</a></div><div class=
=3D"gmail_extra"><br><div class=3D"gmail_quote">On Sun, Oct 16, 2016 at 9:4=
5 PM, Tom Zander via bitcoin-dev <span dir=3D"ltr"><<a href=3D"mailto:bi=
tcoin-dev@lists.linuxfoundation.org" target=3D"_blank">bitcoin-dev@lists.li=
nuxfoundation.org</a>></span> wrote:<br><blockquote class=3D"gmail_quote=
" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><=
span class=3D"">On Sunday, 16 October 2016 19:35:52 CEST Matt Corallo wrote=
:<br>
> You keep calling flexible transactions "safer", and yet you =
haven't<br>
> mentioned that the current codebase is riddled with blatant and massiv=
e<br>
> security holes.<br>
<br>
</span>I am not afraid of people finding issues with my code, I'm only =
human. Would<br>
appreciate you reporting actual issues instead of hinting at things here.<b=
r>
Can't fix things otherwise :)<br>
<br>
But, glad you brought it up, the reason that FT is safer is because of the<=
br>
amount of conceps that SegWit changes in a way that anyone doing developmen=
t<br>
on Bitcoin later will need to know about them in order to do proper<br>
development.<br>
I counted 10 in my latest vlog entry.=C2=A0 FT only changes 2.<br>
<br>
Its safer because its simpler.<br>
<span class=3D""><br>
> For example, you seem to have misunderstood C++'s memory<br>
> model - you would have no less than three out-of-bound, probably<br>
> exploitable memory accesses in your 80-LoC deserialize method at<br>
> <a href=3D"https://github.com/bitcoinclassic/bitcoinclassic/blob/devel=
op/src/primitiv" rel=3D"noreferrer" target=3D"_blank">https://github.com/<w=
br>bitcoinclassic/bitcoinclassic/<wbr>blob/develop/src/primitiv</a><br>
</span>> es/transaction.cpp#L119 if you were to turn on flexible transac=
tions (and<br>
<span class=3D"">> I only reviewed that method for 2 minutes).<br>
<br>
</span>The unit test doesn't hit any of them. Valgrind only reports suc=
h possibly<br>
exploitable issues in secp256k and CKey::MakeNewKey. The same as in Core.<b=
r>
<br>
I don't doubt that your 2 minute look shows stuff that others missed, a=
nd<br>
that valgrind doesn't find either, but I'd be really grateful if yo=
u can<br>
report them specifically to me in an email off list (or github, you know th=
e<br>
drill).<br>
More feedback will only help to make the proposal stronger and even better.=
<br>
Thanks!<br>
<span class=3D""><br>
> If you want to propose an<br>
> alternative to a community which has been in desperate need of fixes t=
o<br>
> many problems for several years, please do so with something which wou=
ld<br>
> not take at least a year to complete given a large team of qualified<b=
r>
> developers.<br>
<br>
</span>I think FT fits the bill just fine :)=C2=A0 After your 2 minute look=
, take a bit<br>
longer and check the rest of the code. You may be surprised with the<br>
simplicity of the approach.<br>
<span class=3D"HOEnZb"><font color=3D"#888888">--<br>
Tom Zander<br>
Blog: <a href=3D"https://zander.github.io" rel=3D"noreferrer" target=3D"_bl=
ank">https://zander.github.io</a><br>
Vlog: <a href=3D"https://vimeo.com/channels/tomscryptochannel" rel=3D"noref=
errer" target=3D"_blank">https://vimeo.com/channels/<wbr>tomscryptochannel<=
/a><br>
</font></span><div class=3D"HOEnZb"><div class=3D"h5">_____________________=
_________<wbr>_________________<br>
bitcoin-dev mailing list<br>
<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org">bitcoin-dev@lists.=
<wbr>linuxfoundation.org</a><br>
<a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" =
rel=3D"noreferrer" target=3D"_blank">https://lists.linuxfoundation.<wbr>org=
/mailman/listinfo/bitcoin-<wbr>dev</a><br>
</div></div></blockquote></div><br></div>
--001a114f17807f2f00053f0f58cd--
|