> Op 9 nov. 2017, om 21:45 heeft Jacob Eliosoff via bitcoin-dev het volgende geschreven: > > As I understand you, a private key in cold storage would (of course) remain valid across HFs, but an address would be valid only for the nForkId it was generated for. There may be cold-storage-type cases where it's important for an address to be valid across all chains, ie, to intentionally allow replay? But I guess this could just be a special nForkId value, say -1? If I understand the proposal correctly, you can always spend coins; it's the next transaction that is replay protected. I like the idea of specifying the fork in bech32 [0]. On the other hand, the standard already has a human readable part. Perhaps the human readable part can be used as the fork id? Note that in your currently proposal nForkId is only in the transaction signature pre-image. It's not in the serialized transaction, so a node would just have to try to see if the signature is valid. I don't know if that's a problem. Can you clarify what you mean with: > Allowing signatures with `nForkId=1` can be achieved with a soft fork by incrementing the script version of SegWit, making this a fully backwards compatible change. What's the purpose of nForkId 1? > potentially a way to opt-out of replay protection of any fork, where deemed necessary (can be beneficial for some L2 applications). Can you give an example of where this opt-out would be useful? Why wouldn't it be enough to just sign one transaction for each fork? In Spoonnet, the version number is added to the SIGHASH_TYPE in the pre-image. Your solution of just adding another field seems easier, but maybe there's a downside? Sjors [0] https://github.com/bitcoin/bips/blob/master/bip-0173.mediawiki#Bech32