summaryrefslogtreecommitdiff
path: root/b4/71cc83bc85fd4a0ed14b09859195b666b37059
blob: 0f496a7ed0caf48a161edba21ff41277b046fa38 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
Delivery-date: Sat, 14 Jun 2025 07:08:51 -0700
Received: from mail-oa1-f57.google.com ([209.85.160.57])
	by mail.fairlystable.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.94.2)
	(envelope-from <bitcoindev+bncBDFIP6H73EBBB2MEW3BAMGQEDXXETGY@googlegroups.com>)
	id 1uQRYv-000460-MZ
	for bitcoindev@gnusha.org; Sat, 14 Jun 2025 07:08:50 -0700
Received: by mail-oa1-f57.google.com with SMTP id 586e51a60fabf-2ea89b7d8easf2556377fac.0
        for <bitcoindev@gnusha.org>; Sat, 14 Jun 2025 07:08:49 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1749910124; cv=pass;
        d=google.com; s=arc-20240605;
        b=Twz+vk3SwMtg2/k04b3EbWGXJyMge79mmJ2K1SKBABj9IH2K79NROia9NUBRkYp3sz
         PPjMwUcOF30tQJdgvPcjfxMo9sK+4iD8AqUejzrOZpj+r6itq1p3e44CC4byXmhRWWOZ
         HGMEQ+pB6Y0HZsayeWZfGhZX8HqSpQo4VbhS/GxDyyDmprxHq5mqWohvnLlpX4B39M9o
         mBdXVxm/yRnZecRgM+UxmoO1/avsmIRhcFsTHFwADdS+1X2PjiI7+sd+osHvVB+uP32x
         k2pCsrRjb3nYhj3rZb3nfIfaCE7xwG/iTlwd2IAnmM/RJEAm7Vk+2ysY19UUa9ZIAEoE
         n/4Q==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:sender:dkim-signature
         :dkim-signature;
        bh=v8FnU6OzbSkEKCXWRVQiVtavD5wsFrqgzs63xyaLfOc=;
        fh=zVBKxwn+ecAQR1h8HAOJTFik6RKOtMxgv/ES8Wb7DwU=;
        b=Ci2OasWpuYExVroub7lZqRuIVryp9JPTKtJ5I3XroAPAe34WXEMQ/0RDocLOVREFhP
         kKtTFzgw4evk2Ken2reiRt0s+jzjnzIqj9FH9eUDF8vQRhDhViYH7OiIoGzeQZm8wpDC
         RvI+Zi/O7GIrIk3qygOLaCySaWMz/dkvve/Xi10LYPwixZ0Ivy+Ih9Z8zFhoPEQBvGGF
         Unu2EqTAx1KGA8kh1GIE+ITutMKZytmnDbku57rJ15MJDIycKCs4WlZmAg6omg0egVVQ
         xM+I43FCkNK1lcLCKRzFUHEO19AHJt7sJ9oGGqRE4yJfKdoGoThXjSqICkmLOVoSZHhJ
         HGVA==;
        darn=gnusha.org
ARC-Authentication-Results: i=2; gmr-mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20230601 header.b="KJ/IXo5e";
       spf=pass (google.com: domain of jameson.lopp@gmail.com designates 2a00:1450:4864:20::234 as permitted sender) smtp.mailfrom=jameson.lopp@gmail.com;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com;
       dara=pass header.i=@googlegroups.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlegroups.com; s=20230601; t=1749910124; x=1750514924; darn=gnusha.org;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:x-original-authentication-results
         :x-original-sender:cc:to:subject:message-id:date:from:in-reply-to
         :references:mime-version:sender:from:to:cc:subject:date:message-id
         :reply-to;
        bh=v8FnU6OzbSkEKCXWRVQiVtavD5wsFrqgzs63xyaLfOc=;
        b=F9rIeipzgE/D+WkE7RzHFXdCB4hvP1/VaBHd5p8FZ2H5PHKiY+wmw0BQN4Cv8aCPNo
         GXWNnPTnChTVJYL6ywQJnTJC4cBmcynnCetPzLS6OXHXacNHPkkZlFQx1QhKEUZtRih/
         PplT693Se96LbCDc4Nghw1Gafo0Z8+ruOf5NUcEU/OMglsf2dwDEqwwn15fvIZ1RhHF9
         37yds0qzmzgPKX+/yLblhO9TqSUPNFeKkg9N/SeDT5SEbIlb3zSGJl8gDUEDJTvaR3qA
         fqEqzNjcxxxGZ39sV6vc9v0I9ZpUTiAMtEoigWknljFb8wMY5Yyy4W77UQa+i3a21UUI
         CObQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1749910124; x=1750514924; darn=gnusha.org;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:x-original-authentication-results
         :x-original-sender:cc:to:subject:message-id:date:from:in-reply-to
         :references:mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=v8FnU6OzbSkEKCXWRVQiVtavD5wsFrqgzs63xyaLfOc=;
        b=ISc68DoX2YqnwGqndO9yrcqNdJhePPhKluS8+ypplTXnsQuRgIk89pUOZjGL3s7sSW
         8Em1fsSNUhMr3idypr3xUP4m9fF/axe+qa25TXUtdXxD8EJ5JP7fA1xCD0SebCYfslcH
         9JXuroOAPgujo9znvPfu40kGLprblqquH/Ll2LI2bYayAeIhxeFhm1Q2I0gqGLQYBgnz
         qLxfPxC5smZH90/ui/ubTpYcTthL74LSix71QPmOdS0YRqhSzWM4y409rXFTPg920Y2F
         r27Omm7lln4as5pJZegqE3mxqhHuQnkUHYi0/sd47R31l5QYIPR6A4zX8RSSZhPdyJrv
         gO9g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1749910124; x=1750514924;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:x-original-authentication-results
         :x-original-sender:cc:to:subject:message-id:date:from:in-reply-to
         :references:mime-version:x-beenthere:x-gm-message-state:sender:from
         :to:cc:subject:date:message-id:reply-to;
        bh=v8FnU6OzbSkEKCXWRVQiVtavD5wsFrqgzs63xyaLfOc=;
        b=uIEfCUH4n/wwDD56oS5r5NwhjECDJJRpBg7Rf1guQ1XrrRLm5W/dmVRv+v3Pn6/HtG
         VSLk60jKdFA1Ux1HQNJHhyC/0ktgLmPG+8bgVIthv36+D83xMcZUVYastKszmT9dI/e2
         Kp79jSAAuVNlTu6KR9lpoEanKbUYLf6LvWX6wj6cMm0DB72xi2P9hDAwvX/Wuls7sIPS
         bRWkXTJjpxnvfvN7VEqPKFB10DNzOF0on7yTGf8Q4UDRRk3+Cpn/SmmtoksBbehwXUYy
         GZ4YPd4sN4Glv/LNjatfU3CiRCS4xy3WY7Itgjr7Btg1qIT/mZDsJwHEI87zuo6hP5pH
         RfdA==
Sender: bitcoindev@googlegroups.com
X-Forwarded-Encrypted: i=2; AJvYcCVcb4GyZ3XladyDGxBetwEvxdGlSn+uSAECvaVO4W32mpXTkh3svVLkh6C97YDnmNJ6PsjIr/QK2Mah@gnusha.org
X-Gm-Message-State: AOJu0YwLPe+CDOk52H8JjBgEiUrB9ykLuUd8avXtFWbohhdfIwNGNp9B
	XbwGTIKkHugrbTRMB3Gm5GFBxIB6MqUv4nAJ8SrK95Is8yZplpIKgQXZ
X-Google-Smtp-Source: AGHT+IFFXBn86R8NIP+WhGqsocmlOAUvP+6hr2EtpctM3+b580fjoPVowre10kGHYz04S7GJeO1nQg==
X-Received: by 2002:a05:6870:64a1:b0:2c1:44a9:fc16 with SMTP id 586e51a60fabf-2eaf0bf166bmr1868751fac.38.1749910123816;
        Sat, 14 Jun 2025 07:08:43 -0700 (PDT)
X-BeenThere: bitcoindev@googlegroups.com; h=AZMbMZdd/wdGjkspgiV0buFpmXIbaeZlqRhETfH+tr0J7Rf0FA==
Received: by 2002:a05:6871:68c:b0:2da:b91c:91bd with SMTP id
 586e51a60fabf-2eab6ee08a7ls4327055fac.1.-pod-prod-09-us; Sat, 14 Jun 2025
 07:08:40 -0700 (PDT)
X-Forwarded-Encrypted: i=2; AJvYcCVZxd7+O5+NnRdhkgsoo3QR1NhyNnN37lnj72QL5ofnMkJFzFaNkKxCBf+S/yw9T6y86IWUoC26NJj+@googlegroups.com
X-Received: by 2002:a05:6808:d53:b0:406:4e0c:9aaa with SMTP id 5614622812f47-40a7c137732mr2132551b6e.14.1749910120839;
        Sat, 14 Jun 2025 07:08:40 -0700 (PDT)
Received: by 2002:a7b:c386:0:b0:450:ce23:93de with SMTP id 5b1f17b1804b1-453345232cams5e9;
        Fri, 13 Jun 2025 08:41:56 -0700 (PDT)
X-Forwarded-Encrypted: i=2; AJvYcCUU7vbg0/cRxDQepxf7BmNLXwwj5CWW3joYXqW1pzfKy1ommDKbn21MvDPLxaoPe0+x+QxV4EeNQUCv@googlegroups.com
X-Received: by 2002:a05:600c:8b61:b0:441:b3eb:570a with SMTP id 5b1f17b1804b1-4533cacf371mr177875e9.2.1749829313871;
        Fri, 13 Jun 2025 08:41:53 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1749829313; cv=none;
        d=google.com; s=arc-20240605;
        b=HIPORReYaLFLw0YcVyRKTjFy+9qe/k83ZxFJTM9Ui/y9iv5RK+R/jS8ngR9z/vD8cY
         aDViZF8sFLTbE2OcYVQ3q8sQNroanGpxzCvvf0zswLDY3Nsq/JPzrww/Az0u/D6Bc5v9
         NdXK0neZ8pH2TU3FA09wjugcWMRLYIWxnVZlpQyUiiKLqwLZg66AChlQFDUSBR7yUirv
         u7AjKl2j3R4S3BFbG+WuCf5cGPLkFYobQzHhdjE8W1OdOUdRvpHx2H/NNJM8ubFpatDl
         pYWJKb6Rna0j9kNZdVqJopcalq342ch3lNzd4G8Vg3GQPZ6YdNoOpY5NGZNlScUkkhs0
         5Pwg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:dkim-signature;
        bh=t0KBmzzSNGIV7U32Vtx3HDofIhuhpwdcn2LPh2lIRrc=;
        fh=OWMxS5qOf6vKSAqp7fwMdn7uZ+AMksQ0JlI34pGq8xQ=;
        b=cnPc0CYJu9iG7P5DpdMh8kLKe+VL5FnSS2hGqF8eQGQ/NvlFejXaMSS9BoZuSudV0D
         4UpZYs2A/4gZnEcsmpyOVtku5RdaydHJxG6H+6wCTAlLtf/gE282D0WsJf0O1AEo8que
         P+oqHEEbcWXZ1+Y3Q8IXDes2SmA1Nm5UmcMhNEBGsaksTFfPh084S/RDBYaeSxlAuPrv
         82RSmWBg/s2T85wMkEOXxpD/XUz08QaCv/ws7p4jCtwDvkc+pn6ds+HKmL/q9JrhOJ9P
         Ef1x2lV8ABaJ05D1Egu8kFOxyh32yom9a+lak8LD7Mt2uKRO5UWJ8KgPQlD6bTHxcEQl
         QSbw==;
        dara=google.com
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20230601 header.b="KJ/IXo5e";
       spf=pass (google.com: domain of jameson.lopp@gmail.com designates 2a00:1450:4864:20::234 as permitted sender) smtp.mailfrom=jameson.lopp@gmail.com;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com;
       dara=pass header.i=@googlegroups.com
Received: from mail-lj1-x234.google.com (mail-lj1-x234.google.com. [2a00:1450:4864:20::234])
        by gmr-mx.google.com with ESMTPS id 5b1f17b1804b1-4532de99249si1058705e9.2.2025.06.13.08.41.53
        for <bitcoindev@googlegroups.com>
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Fri, 13 Jun 2025 08:41:53 -0700 (PDT)
Received-SPF: pass (google.com: domain of jameson.lopp@gmail.com designates 2a00:1450:4864:20::234 as permitted sender) client-ip=2a00:1450:4864:20::234;
Received: by mail-lj1-x234.google.com with SMTP id 38308e7fff4ca-32add56e9ddso19113201fa.2
        for <bitcoindev@googlegroups.com>; Fri, 13 Jun 2025 08:41:53 -0700 (PDT)
X-Forwarded-Encrypted: i=1; AJvYcCVRlck/VXJzQLqoywSgIUCihew3KjdJcQEjdggYCi8+P4GGWNqZkAPmeqPTCBM1V9J9Am9+GVWFAQWI@googlegroups.com
X-Gm-Gg: ASbGncvigRQqy0irw3z+4wcsc+mS4PLaFZOyr+f47VGB+TmMMKIdk95nkKY6OyJjTrC
	QJvWVOT4f9SPw9IDlRSgp3zwK1lzLRGLUlKkGEtalwRwcHG2SW7x47xEqtDTgJQXzsMqhCIOQcG
	ippwkwJu/Ij3qyVkf7eXgTmaVq4ib8UWzTgGAN5p/MysIz/yDYb5NtIQ==
X-Received: by 2002:a2e:be0a:0:b0:32a:8764:ecf1 with SMTP id
 38308e7fff4ca-32b3e9cab70mr9393201fa.4.1749829312156; Fri, 13 Jun 2025
 08:41:52 -0700 (PDT)
MIME-Version: 1.0
References: <aEdoIvOgNNtT6L4s@mail.wpsoftware.net> <CAPfvXfL=7bQvhN5ZOJoS-hQ8TmUku=mNhxNop=ZhcyH+kqs9jw@mail.gmail.com>
 <46349b6c-ccec-4378-8721-aecec22752e7@mattcorallo.com> <de023ffa-6f8b-44bc-8e4d-6012e2ba3ccen@googlegroups.com>
 <8d158e3d-b3cc-44b6-b71b-ab2e733c047c@mattcorallo.com> <CAPfvXfLc5-=UVpcvYrC=VP7rLRroFviLTjPQfeqMQesjziL=CQ@mail.gmail.com>
 <aEsvtpiLWoDsfZrN@mail.wpsoftware.net> <f8b37a59-0897-40df-a08e-7812c806a716@mattcorallo.com>
 <CADL_X_fxwKLdst9tYQqabUsJgu47xhCbwpmyq97ZB-SLWQC9Xw@mail.gmail.com> <psUO5AHTglJ3KiGM5tTd0sqrFDUexydKzfkOpjOHcWM97OdluX_hIplsXxl_9vzS1pPOqMek3rVBhlzWiPyuvFvz7VmG9FNXapkMG97a7xc=@protonmail.com>
In-Reply-To: <psUO5AHTglJ3KiGM5tTd0sqrFDUexydKzfkOpjOHcWM97OdluX_hIplsXxl_9vzS1pPOqMek3rVBhlzWiPyuvFvz7VmG9FNXapkMG97a7xc=@protonmail.com>
From: Jameson Lopp <jameson.lopp@gmail.com>
Date: Fri, 13 Jun 2025 11:41:40 -0400
X-Gm-Features: AX0GCFswIlvKmpvQg6QFiNfuH0nRss1dhnHsbqXW2yuJgjli3CCKC_WOe-aBq2A
Message-ID: <CADL_X_faQhCGS78y0Nggm_h=x_cEtshhbrZDDhQ=FEgbDXkc-Q@mail.gmail.com>
Subject: Re: [bitcoindev] CTV + CSFS: a letter
To: Antoine Poinsot <darosior@protonmail.com>
Cc: Matt Corallo <lf-lists@mattcorallo.com>, Andrew Poelstra <apoelstra@wpsoftware.net>, 
	Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Content-Type: multipart/alternative; boundary="000000000000919a53063775e22c"
X-Original-Sender: jameson.lopp@gmail.com
X-Original-Authentication-Results: gmr-mx.google.com;       dkim=pass
 header.i=@gmail.com header.s=20230601 header.b="KJ/IXo5e";       spf=pass
 (google.com: domain of jameson.lopp@gmail.com designates 2a00:1450:4864:20::234
 as permitted sender) smtp.mailfrom=jameson.lopp@gmail.com;       dmarc=pass
 (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com;       dara=pass header.i=@googlegroups.com
Precedence: list
Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com
List-ID: <bitcoindev.googlegroups.com>
X-Google-Group-Id: 786775582512
List-Post: <https://groups.google.com/group/bitcoindev/post>, <mailto:bitcoindev@googlegroups.com>
List-Help: <https://groups.google.com/support/>, <mailto:bitcoindev+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/bitcoindev
List-Subscribe: <https://groups.google.com/group/bitcoindev/subscribe>, <mailto:bitcoindev+subscribe@googlegroups.com>
List-Unsubscribe: <mailto:googlegroups-manage+786775582512+unsubscribe@googlegroups.com>,
 <https://groups.google.com/group/bitcoindev/subscribe>
X-Spam-Score: -0.5 (/)

--000000000000919a53063775e22c
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Casa (and many other companies focused on custody products) would love to
see vaulting functionality. I don't think any of us are too hung up on the
details of the particular implementation - we would rather have a "good"
tool than not have any tool because consensus has not been achieved for a
"perfect" solution.

What is the problem that makes vaults desirable? It's frankly because
there's no such thing as perfect security. Even if one designs an
architecture that is nearly perfectly secure against external threats, the
issue of internal threats (such as oneself, via social engineering) will
remain. The ability to require high value funds to sit in a "quarantine /
cooldown" address for some period of time before they can be sent to an
arbitrary address enables additional security measures a la watchtowers to
be designed. Being your own bank is still an incredibly scary proposition
because it's quite difficult to design custody solutions that tolerate
failures without leading to catastrophic loss. The more tools that custody
application engineers have available to them, the more guardrails we can
build into wallet software, and thus hopefully the more comfortable we can
make the general public with the idea of taking on the responsibility of
self custody.

To be clear, I'm not aware of CSFS improving the vaulting functionality
already available via CTV. As far as I can tell, CSFS is one of the least
controversial opcodes proposed in a long time and just seems to be an
all-around win with no risks / trade-offs, so why not bundle it in?

I'm not sure how to parse Antoine's claim that CTV+CSFS doesn't enable
vaults given that there has already been a CTV vault client proof of
concept for 3 years: https://github.com/jamesob/simple-ctv-vault

On Fri, Jun 13, 2025 at 9:07=E2=80=AFAM Antoine Poinsot <darosior@protonmai=
l.com>
wrote:

> Jameson,
>
> Thanks for sharing. Although i grew more skeptical of the reactive
> security model of vaults as i implemented them in practice for real users=
,
> i can appreciate people's mileage may vary.
>
> That said, consensus-enforced vaults require a mechanism to forward any
> amount received on a script A to a pre-committed script B. CTV+CSFS does
> not enable this, and a primitive that actually does (like CCV) is more
> controversial because of its potency. I see the CTV+CSFS bundle as
> maximizing "bang for your buck" in terms of capabilities enabled compared
> to the accompanying risk. If we do want vaults, then we need to get past
> the MEVil concerns and much more interesting primitives are actually on t=
he
> table.
>
> I also appreciate that CTV is nice to have for CCV vaults, but a potentia=
l
> future use case that is not enabled by one proposal cannot be used to
> motivate said proposal.
>
> Best,
> Antoine Poinsot
> On Friday, June 13th, 2025 at 7:15 AM, Jameson Lopp <
> jameson.lopp@gmail.com> wrote:
>
> > Unlike a generic "We Want Things" sign-on letter, individual messages
> indicating desire to utilize features is way more compelling.
>
> Then I submit my essay from 2 years ago (
> https://blog.casa.io/why-bitcoin-needs-covenants/) and will quote myself:
>
> "There are clearly a LOT of use cases that could potentially be unlocked
> with the right kind of covenant implementation. Personally, having spent =
8
> years working on high security multi-signature wallets, I'm most interest=
ed
> in vaults. I believe the value they offer is quite straightforward and is
> applicable to every single self-custody bitcoin user, regardless of what
> type of wallet they are running."
>
> - Jameson
>
> On Thu, Jun 12, 2025 at 6:54=E2=80=AFPM Matt Corallo <lf-lists@mattcorall=
o.com>
> wrote:
>
>> To be fair to James, in my (luckily rather brief) experience with
>> Bitcoin-consensus-letter-writing,
>> its nearly impossible to forge a statement that everyone agrees to that
>> is consistently interpreted.
>>
>> Matt
>>
>> On 6/12/25 3:51 PM, Andrew Poelstra wrote:
>> > Le Thu, Jun 12, 2025 at 02:38:13PM -0400, James O'Beirne a =C3=A9crit =
:
>> >>
>> >> As the person who coordinated the letter, I can say that this is not =
an
>> >> accurate characterization of the signers' intent. Everyone who signed
>> >> explicitly wants to see the imminent review, integration, and
>> activation
>> >> planning for CTV+CSFS specifically. The letter is intentionally
>> concise to
>> >> make sure there are no misunderstandings about that.
>> >>
>> >> I spoke to each person on the original list of signatories who either
>> did
>> >> (or didn't) sign and this was made very clear. Some people didn't sig=
n
>> as a
>> >> result of what the letter says.
>> >>
>> >
>> > The letter asks Core to "prioritize the review and integration" on an
>> > accelerated timeline, and that this will "allow" for "activation
>> planning".
>> >
>> > Early drafts of the letter did ask for actual integration and even
>> > activation, but I did not sign any of those early drafts. It was not
>> > until the language was weakened to be about priorities and planning (a=
nd
>> > to be a "respectful ask" rather some sort of demand) that I signed on.
>> >
>> >
>> > The letter is concise but unfortunately I think Matt is correct that i=
t
>> > offers a broad range of interpretations, even among the signers.
>> >
>> >
>>
>> --
>> You received this message because you are subscribed to the Google Group=
s
>> "Bitcoin Development Mailing List" group.
>> To unsubscribe from this group and stop receiving emails from it, send a=
n
>> email to bitcoindev+unsubscribe@googlegroups.com.
>> To view this discussion visit
>> https://groups.google.com/d/msgid/bitcoindev/f8b37a59-0897-40df-a08e-781=
2c806a716%40mattcorallo.com
>> .
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Bitcoin Development Mailing List" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to bitcoindev+unsubscribe@googlegroups.com.
> To view this discussion visit
> https://groups.google.com/d/msgid/bitcoindev/CADL_X_fxwKLdst9tYQqabUsJgu4=
7xhCbwpmyq97ZB-SLWQC9Xw%40mail.gmail.com
> .
>
>
>

--=20
You received this message because you are subscribed to the Google Groups "=
Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/=
CADL_X_faQhCGS78y0Nggm_h%3Dx_cEtshhbrZDDhQ%3DFEgbDXkc-Q%40mail.gmail.com.

--000000000000919a53063775e22c
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Casa (and many other companies focused on custody products=
) would love to see vaulting functionality. I don&#39;t think any of us are=
 too hung up on the details of the particular implementation - we would rat=
her have a &quot;good&quot; tool than not have any tool because consensus h=
as not been achieved for a &quot;perfect&quot; solution.<div><br></div><div=
>What is the problem that makes vaults desirable? It&#39;s frankly because =
there&#39;s no such thing as perfect security. Even if one designs an archi=
tecture that is nearly perfectly secure against external threats, the issue=
 of internal threats (such as oneself, via social engineering) will remain.=
 The ability to require high value funds to sit in a &quot;quarantine / coo=
ldown&quot; address for some period of time before they can be sent to an a=
rbitrary address enables additional security measures a la watchtowers to b=
e designed. Being your own bank is still an incredibly scary proposition be=
cause it&#39;s quite difficult to design custody solutions that tolerate fa=
ilures without leading to catastrophic loss. The more tools that custody ap=
plication engineers have available to them, the more guardrails we can buil=
d into wallet software, and thus hopefully the more comfortable we can make=
 the general public with the idea of taking on the responsibility of self c=
ustody.</div><div><br></div><div>To be clear, I&#39;m not aware of CSFS imp=
roving the vaulting functionality already available via CTV. As far as I ca=
n tell, CSFS is one of the least controversial opcodes proposed in a long t=
ime and just seems to be an all-around win with no risks / trade-offs, so w=
hy not bundle it in?</div><div><br></div><div>I&#39;m not sure how to parse=
 Antoine&#39;s claim that CTV+CSFS doesn&#39;t enable vaults given that the=
re has already been a CTV vault client proof of concept for 3 years: <a hre=
f=3D"https://github.com/jamesob/simple-ctv-vault">https://github.com/jameso=
b/simple-ctv-vault</a></div></div><br><div class=3D"gmail_quote gmail_quote=
_container"><div dir=3D"ltr" class=3D"gmail_attr">On Fri, Jun 13, 2025 at 9=
:07=E2=80=AFAM Antoine Poinsot &lt;<a href=3D"mailto:darosior@protonmail.co=
m">darosior@protonmail.com</a>&gt; wrote:<br></div><blockquote class=3D"gma=
il_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,2=
04,204);padding-left:1ex"><div style=3D"font-family:Arial,sans-serif;font-s=
ize:14px">Jameson,</div><div style=3D"font-family:Arial,sans-serif;font-siz=
e:14px"><br></div><div style=3D"font-family:Arial,sans-serif;font-size:14px=
">Thanks for sharing. Although i grew more skeptical of the reactive securi=
ty model of vaults as i implemented them in practice for real users, i can =
appreciate people&#39;s mileage may vary.</div><div style=3D"font-family:Ar=
ial,sans-serif;font-size:14px"><br></div><div style=3D"font-family:Arial,sa=
ns-serif;font-size:14px">That said, consensus-enforced vaults require a mec=
hanism to forward any amount received on a script A to a pre-committed scri=
pt B. CTV+CSFS does not enable this, and a primitive that actually does (li=
ke CCV) is more controversial because of its potency. I see the CTV+CSFS bu=
ndle as maximizing &quot;bang for your buck&quot; in terms of capabilities =
enabled compared to the accompanying risk. If we do want vaults, then we ne=
ed to get past the MEVil concerns and much more interesting primitives are =
actually on the table.<br></div><div style=3D"font-family:Arial,sans-serif;=
font-size:14px"><br></div><div style=3D"font-family:Arial,sans-serif;font-s=
ize:14px">I also appreciate that CTV is nice to have for CCV vaults, but a =
potential future use case that is not enabled by one proposal cannot be use=
d to motivate said proposal.</div><div style=3D"font-family:Arial,sans-seri=
f;font-size:14px"><br></div><div style=3D"font-family:Arial,sans-serif;font=
-size:14px">Best,<br>Antoine Poinsot<br></div><div>
        On Friday, June 13th, 2025 at 7:15 AM, Jameson Lopp &lt;<a href=3D"=
mailto:jameson.lopp@gmail.com" target=3D"_blank">jameson.lopp@gmail.com</a>=
&gt; wrote:<br>
        <blockquote type=3D"cite">
            <div dir=3D"ltr">&gt; Unlike a generic &quot;We Want Things&quo=
t; sign-on letter, individual messages indicating desire to utilize feature=
s is way more compelling.<div><br></div><div>Then I submit my essay from 2 =
years ago (<a href=3D"https://blog.casa.io/why-bitcoin-needs-covenants/" re=
l=3D"noreferrer nofollow noopener" target=3D"_blank">https://blog.casa.io/w=
hy-bitcoin-needs-covenants/</a>) and will quote myself:</div><div><br></div=
><div>&quot;There are clearly a LOT of use cases that could potentially be =
unlocked with the right kind of covenant implementation. Personally, having=
 spent 8 years working on high security multi-signature wallets, I&#39;m mo=
st interested in vaults. I believe the value they offer is quite straightfo=
rward and is applicable to every single self-custody bitcoin user, regardle=
ss of what type of wallet they are running.&quot;</div><div><br></div><div>=
- Jameson</div></div><br><div class=3D"gmail_quote"><div class=3D"gmail_att=
r" dir=3D"ltr">On Thu, Jun 12, 2025 at 6:54=E2=80=AFPM Matt Corallo &lt;<a =
href=3D"mailto:lf-lists@mattcorallo.com" rel=3D"noreferrer nofollow noopene=
r" target=3D"_blank">lf-lists@mattcorallo.com</a>&gt; wrote:<br></div><bloc=
kquote style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,=
204);padding-left:1ex" class=3D"gmail_quote">To be fair to James, in my (lu=
ckily rather brief) experience with Bitcoin-consensus-letter-writing, <br>
its nearly impossible to forge a statement that everyone agrees to that is =
consistently interpreted.<br>
<br>
Matt<br>
<br>
On 6/12/25 3:51 PM, Andrew Poelstra wrote:<br>
&gt; Le Thu, Jun 12, 2025 at 02:38:13PM -0400, James O&#39;Beirne a =C3=A9c=
rit :<br>
&gt;&gt;<br>
&gt;&gt; As the person who coordinated the letter, I can say that this is n=
ot an<br>
&gt;&gt; accurate characterization of the signers&#39; intent. Everyone who=
 signed<br>
&gt;&gt; explicitly wants to see the imminent review, integration, and acti=
vation<br>
&gt;&gt; planning for CTV+CSFS specifically. The letter is intentionally co=
ncise to<br>
&gt;&gt; make sure there are no misunderstandings about that.<br>
&gt;&gt;<br>
&gt;&gt; I spoke to each person on the original list of signatories who eit=
her did<br>
&gt;&gt; (or didn&#39;t) sign and this was made very clear. Some people did=
n&#39;t sign as a<br>
&gt;&gt; result of what the letter says.<br>
&gt;&gt;<br>
&gt; <br>
&gt; The letter asks Core to &quot;prioritize the review and integration&qu=
ot; on an<br>
&gt; accelerated timeline, and that this will &quot;allow&quot; for &quot;a=
ctivation planning&quot;.<br>
&gt; <br>
&gt; Early drafts of the letter did ask for actual integration and even<br>
&gt; activation, but I did not sign any of those early drafts. It was not<b=
r>
&gt; until the language was weakened to be about priorities and planning (a=
nd<br>
&gt; to be a &quot;respectful ask&quot; rather some sort of demand) that I =
signed on.<br>
&gt; <br>
&gt; <br>
&gt; The letter is concise but unfortunately I think Matt is correct that i=
t<br>
&gt; offers a broad range of interpretations, even among the signers.<br>
&gt; <br>
&gt; <br>
<br>
-- <br>
You received this message because you are subscribed to the Google Groups &=
quot;Bitcoin Development Mailing List&quot; group.<br>
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to <a href=3D"mailto:bitcoindev%2Bunsubscribe@googlegroups.com" rel=3D=
"noreferrer nofollow noopener" target=3D"_blank">bitcoindev+unsubscribe@goo=
glegroups.com</a>.<br>
To view this discussion visit <a rel=3D"noreferrer nofollow noopener" href=
=3D"https://groups.google.com/d/msgid/bitcoindev/f8b37a59-0897-40df-a08e-78=
12c806a716%40mattcorallo.com" target=3D"_blank">https://groups.google.com/d=
/msgid/bitcoindev/f8b37a59-0897-40df-a08e-7812c806a716%40mattcorallo.com</a=
>.<br>
</blockquote></div>

<p></p>

-- <br>
You received this message because you are subscribed to the Google Groups &=
quot;Bitcoin Development Mailing List&quot; group.<br>
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to <a href=3D"mailto:bitcoindev+unsubscribe@googlegroups.com" rel=3D"n=
oreferrer nofollow noopener" target=3D"_blank">bitcoindev+unsubscribe@googl=
egroups.com</a>.<br>
To view this discussion visit <a href=3D"https://groups.google.com/d/msgid/=
bitcoindev/CADL_X_fxwKLdst9tYQqabUsJgu47xhCbwpmyq97ZB-SLWQC9Xw%40mail.gmail=
.com" rel=3D"noreferrer nofollow noopener" target=3D"_blank">https://groups=
.google.com/d/msgid/bitcoindev/CADL_X_fxwKLdst9tYQqabUsJgu47xhCbwpmyq97ZB-S=
LWQC9Xw%40mail.gmail.com</a>.<br>

        </blockquote><br>
    </div></blockquote></div>

<p></p>

-- <br />
You received this message because you are subscribed to the Google Groups &=
quot;Bitcoin Development Mailing List&quot; group.<br />
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to <a href=3D"mailto:bitcoindev+unsubscribe@googlegroups.com">bitcoind=
ev+unsubscribe@googlegroups.com</a>.<br />
To view this discussion visit <a href=3D"https://groups.google.com/d/msgid/=
bitcoindev/CADL_X_faQhCGS78y0Nggm_h%3Dx_cEtshhbrZDDhQ%3DFEgbDXkc-Q%40mail.g=
mail.com?utm_medium=3Demail&utm_source=3Dfooter">https://groups.google.com/=
d/msgid/bitcoindev/CADL_X_faQhCGS78y0Nggm_h%3Dx_cEtshhbrZDDhQ%3DFEgbDXkc-Q%=
40mail.gmail.com</a>.<br />

--000000000000919a53063775e22c--