On Tue, Aug 16, 2016 at 07:37:19PM +0000, Luke Dashjr via bitcoin-dev wrote:
> On Tuesday, August 16, 2016 5:53:08 PM Johnson Lau via bitcoin-dev wrote:
> > A new BIP is prepared to deal with OP_IF and OP_NOTIF malleability in
> > P2WSH:
> > https://github.com/jl2012/bips/blob/minimalif/bip-minimalif.mediawiki
> > https://github.com/bitcoin/bitcoin/pull/8526
> 
> I am not sure this makes sense. SegWit transactions are already non-malleable 
> due to skipping the witness data in calculating the transaction id. What is 
> the benefit to this?

SegWit txids aren't malleable, but segwit transactions as a whole still are.
For instance, I could mess with a segwit transaction by replacing part of the
witness that is used as an argument to an OP_IF with a much larger push,
potentially making the transaction larger, thus making it not get mined due to
the higher fee. There are also potential legal issues if someone replaces a
push with data where posession in your jurisdiction is illegal.

Having said that, a better approach may be a separate CHECKBOOLVERIFY opcode
that fails unless the top item on the stack is a minimally encoded true or
false value, to allow script writers to opt into this behavior; it's not always
ideal.

-- 
https://petertodd.org 'peter'[:-1]@petertodd.org