1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
|
Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191]
helo=mx.sourceforge.net)
by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <namanhd@gmail.com>) id 1WDKO1-0004oB-Ue
for bitcoin-development@lists.sourceforge.net;
Tue, 11 Feb 2014 20:56:57 +0000
Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of gmail.com
designates 209.85.128.176 as permitted sender)
client-ip=209.85.128.176; envelope-from=namanhd@gmail.com;
helo=mail-ve0-f176.google.com;
Received: from mail-ve0-f176.google.com ([209.85.128.176])
by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1WDKO0-0002Oe-0C
for bitcoin-development@lists.sourceforge.net;
Tue, 11 Feb 2014 20:56:57 +0000
Received: by mail-ve0-f176.google.com with SMTP id oz11so6467691veb.7
for <bitcoin-development@lists.sourceforge.net>;
Tue, 11 Feb 2014 12:56:50 -0800 (PST)
MIME-Version: 1.0
X-Received: by 10.52.155.66 with SMTP id vu2mr674442vdb.50.1392152210394; Tue,
11 Feb 2014 12:56:50 -0800 (PST)
Received: by 10.221.49.8 with HTTP; Tue, 11 Feb 2014 12:56:50 -0800 (PST)
In-Reply-To: <CAAS2fgS5=-=6Ws0ofWsyKNHLYQop71kOjBCtF6TUMOmVgHtU_g@mail.gmail.com>
References: <CANAnSg1LgpHGf-vTV0to1Z7sogf1ic6WTbogEsrQy1wh4C5zfw@mail.gmail.com>
<20140210144003.2BDCCDDAEFC@quidecco.de>
<20140210163055.GJ3180@nl.grid.coop>
<CAAS2fgQjKHK4ReQOEtLsTt9KOLxT4G-MiZJ7UKU=qH9ifpuN8g@mail.gmail.com>
<20140210182506.GM3180@nl.grid.coop> <52F91E66.6060305@gmail.com>
<20140210190703.GO3180@nl.grid.coop> <20140210192308.GA17359@savin>
<CA+SxJWBbWH_amgpst9N7nfT4twvfreAhGaxVWZYfTiLjyN8m3g@mail.gmail.com>
<20140210194032.GD17359@savin> <52F9377D.9010405@gmail.com>
<CA+SxJWBM0USWETNeDh-oRgOfrU64GiPbL_Qt5hrFN53C42yNxg@mail.gmail.com>
<CAAS2fgS5=-=6Ws0ofWsyKNHLYQop71kOjBCtF6TUMOmVgHtU_g@mail.gmail.com>
Date: Wed, 12 Feb 2014 02:26:50 +0530
Message-ID: <CA+SxJWArhdVyfGL=V6wa_EFRC3yGDo6vWus+jx9E=u4i_RJc6Q@mail.gmail.com>
From: naman naman <namanhd@gmail.com>
To: Gregory Maxwell <gmaxwell@gmail.com>
Content-Type: multipart/alternative; boundary=089e0160ca9ef9537504f227b1df
X-Spam-Score: -0.6 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(namanhd[at]gmail.com)
-0.0 SPF_PASS SPF: sender matches SPF record
1.0 HTML_MESSAGE BODY: HTML included in message
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1WDKO0-0002Oe-0C
Cc: Bitcoin Development <bitcoin-development@lists.sourceforge.net>,
Vocatus Gate <vocatus.gate@gmail.com>
Subject: Re: [Bitcoin-development] MtGox blames bitcoin
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Tue, 11 Feb 2014 20:56:58 -0000
--089e0160ca9ef9537504f227b1df
Content-Type: text/plain; charset=ISO-8859-1
Gregory Maxwell says : "Try paying a consultant if your ego demands that
you have a technical
expert to entertain your musing with immediate response."
I don't know why your resorting to such an adhominem. But I have already
said that you were the only one who responded. Your response was correct as
is reflected in the conversation on the forums. No doubting that. But it
does not address the full scope of the attack where a small pool would
intentionally (or out of whatever reason) make the hash invalid for the txs
they recieve. So that leaves a whole lot of businesses in the lurch who
have relied on txid (albeit wrongly that) for their tracking purposes.
Thats all I'm trying to say, without blaming anyone.
Hope it makes sense.
On Wed, Feb 12, 2014 at 2:19 AM, Gregory Maxwell <gmaxwell@gmail.com> wrote:
> On Tue, Feb 11, 2014 at 12:42 PM, naman naman <namanhd@gmail.com> wrote:
> > I was talking about a DOS attack in
> > https://bitcointalk.org/index.php?topic=458608.0 (ofcourse only
> applicable
> > to entitys doing the tracking with txids).
> >
> > Amazing how I did not get a response from any of the devs (except Greg's
> > response
> > https://bitcointalk.org/index.php?topic=458608.msg5063789#msg5063789 but
> > that too was short and not concerning the attack scenario plausibiity as
> I
> > replied to him).
>
> Try paying a consultant if your ego demands that you have a technical
> expert to entertain your musing with immediate response.
>
> My response was absolutely relevant.
>
> If you reissue a transaction without respending the prior transactions
> coins, you will end up double paying. Only spending the inputs in
> question can prevent the prior transaction (itself or in other form)
> from going through.
>
> Once you respend the inputs there is no risk of actually losing funds
> due to an issue regardless of how you track coins in your higher level
> application.
>
--089e0160ca9ef9537504f227b1df
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">Gregory Maxwell says : "<span style=3D"font-family:ar=
ial,sans-serif;font-size:13px">Try paying a consultant if your ego demands =
that you have a technical</span><br style=3D"font-family:arial,sans-serif;f=
ont-size:13px">
<span style=3D"font-family:arial,sans-serif;font-size:13px">expert to enter=
tain your musing with immediate response."</span><div><span style=3D"f=
ont-family:arial,sans-serif;font-size:13px"><br></span></div><div><span sty=
le=3D"font-family:arial,sans-serif;font-size:13px">I don't know why you=
r resorting to such an adhominem. But I have already said that you were the=
only one who responded. Your response was correct as is reflected in the c=
onversation on the forums. No doubting that. But it does not address the fu=
ll scope of the attack where a small pool would intentionally (or out of wh=
atever reason) make the hash invalid for the txs they recieve. So that leav=
es a whole lot of businesses in the lurch who have relied on txid (albeit w=
rongly that) for their tracking purposes. Thats all I'm trying to say, =
without blaming anyone.=A0</span></div>
<div><span style=3D"font-family:arial,sans-serif;font-size:13px"><br></span=
></div><div><span style=3D"font-family:arial,sans-serif;font-size:13px">Hop=
e it makes sense.</span></div></div><div class=3D"gmail_extra"><br><br><div=
class=3D"gmail_quote">
On Wed, Feb 12, 2014 at 2:19 AM, Gregory Maxwell <span dir=3D"ltr"><<a h=
ref=3D"mailto:gmaxwell@gmail.com" target=3D"_blank">gmaxwell@gmail.com</a>&=
gt;</span> wrote:<br><blockquote class=3D"gmail_quote" style=3D"margin:0 0 =
0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class=3D"">On Tue, Feb 11, 2014 at 12:42 PM, naman naman <<a href=
=3D"mailto:namanhd@gmail.com">namanhd@gmail.com</a>> wrote:<br>
> I was talking about a DOS attack in<br>
> <a href=3D"https://bitcointalk.org/index.php?topic=3D458608.0" target=
=3D"_blank">https://bitcointalk.org/index.php?topic=3D458608.0</a> (ofcours=
e only applicable<br>
> to entitys doing the tracking with txids).<br>
><br>
> Amazing how I did not get a response from any of the devs (except Greg=
's<br>
> response<br>
> <a href=3D"https://bitcointalk.org/index.php?topic=3D458608.msg5063789=
#msg5063789" target=3D"_blank">https://bitcointalk.org/index.php?topic=3D45=
8608.msg5063789#msg5063789</a> but<br>
> that too was short and not concerning the attack scenario plausibiity =
as I<br>
> replied to him).<br>
<br>
</div>Try paying a consultant if your ego demands that you have a technical=
<br>
expert to entertain your musing with immediate response.<br>
<br>
My response was absolutely relevant.<br>
<br>
If you reissue a transaction without respending the prior transactions<br>
coins, you will end up double paying. Only spending the inputs in<br>
question can prevent the prior transaction (itself or in other form)<br>
from going through.<br>
<br>
Once you respend the inputs there is no risk of actually losing funds<br>
due to an issue regardless of how you track coins in your higher level<br>
application.<br>
</blockquote></div><br></div>
--089e0160ca9ef9537504f227b1df--
|