From: Johnson Lau <jl2012@xbt•hk>
To: "Gregory Maxwell" <greg@xiph•org>,
"bitcoin-dev" <bitcoin-dev@lists•linuxfoundation.org>
Subject: Re: [bitcoin-dev] Completing the retirement of the alert system
Date: Sat, 10 Sep 2016 17:41:21 +0800 [thread overview]
Message-ID: <15713790962.be73b87e4580.3663496705131622210@xbt.hk> (raw)
In-Reply-To: <CAAS2fgTYOUSm07N4NYDCsjjwSbAo_ye84UvbQF--3JzhLHkG0Q@mail.gmail.com>
Concept ACK.
For the details of executing the plan, I think the following is less disruptive:
1. Send a message with (max sequence - 1), notifying all nodes that the key will be retired on or before a date. People with systems relying on this key should either upgrade or ignore the revocation message. We don't know the actual date because the key is shared by many people.
With the max - 1 sequence, no message except the max sequence revocation message may override this message.
2. Send the revocation message at the pre-announced time, if no one have done that before
3. After a few months or so, publish the private key.
>
> One of the facilities in the alert system is that you can send a
> maximum sequence alert which cannot be overridden and displays only a
> static key compromise text message and blocks all other alerts. I plan
> to send a triggering alert in the not-distant future (exact time to be
> announced well in advance) feedback on timing would be welcome.
>
> There are likely a few production systems that automatically shut down
> when there is an alert, so this risks some small one-time disruption
> of those services-- but none worse than if an alert were sent to
> advise about a new system upgrade.
>
> At some point after that, I would then plan to disclose this private
> key in public, eliminating any further potential of reputation attacks
> and diminishing the risk of misunderstanding the key as some special
> trusted source of authority.
>
> Cheers,
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists•linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
next prev parent reply other threads:[~2016-09-10 9:41 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-09-10 0:42 Gregory Maxwell
2016-09-10 0:54 ` Eric Voskuil
2016-09-10 0:58 ` Peter Todd
2016-09-10 1:48 ` Gregory Maxwell
2016-09-10 2:19 ` Peter Todd
2016-09-10 1:31 ` Andrew C
2016-09-10 5:51 ` Wladimir J. van der Laan
2016-09-10 9:41 ` Johnson Lau [this message]
2016-09-10 13:23 ` Andrew C
2016-09-10 14:57 ` Johnson Lau
2016-09-10 15:36 ` Gregory Maxwell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=15713790962.be73b87e4580.3663496705131622210@xbt.hk \
--to=jl2012@xbt$(echo .)hk \
--cc=bitcoin-dev@lists$(echo .)linuxfoundation.org \
--cc=greg@xiph$(echo .)org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox