From: Christian Decker <decker.christian@gmail•com>
To: Gregory Maxwell <greg@xiph•org>,
Bitcoin Protocol Discussion
<bitcoin-dev@lists•linuxfoundation.org>
Cc: lightning-dev@lists•linuxfoundation.org
Subject: Re: [bitcoin-dev] BIP sighash_noinput
Date: Tue, 03 Jul 2018 14:05:09 +0200 [thread overview]
Message-ID: <871sckjzii.fsf@gmail.com> (raw)
In-Reply-To: <CAAS2fgS-_D7aBcDf_nAbuREBxv65zYMr60-1YqCnx-esvRVfEg@mail.gmail.com>
Gregory Maxwell <greg@xiph•org> writes:
> I know it seems kind of silly, but I think it's somewhat important
> that the formal name of this flag is something like
> "SIGHASH_REPLAY_VULNERABLE" or likewise or at least
> "SIGHASH_WEAK_REPLAYABLE". This is because noinput is materially
> insecure for traditional applications where a third party might pay to
> an address a second time, and should only be used in special protocols
> which make that kind of mistake unlikely. Otherwise, I'm worried
> that wallets might start using this sighash because it simplifies
> handling malleability without realizing that when a third party reuses
> a script pubkey, completely outside of control of the wallet that uses
> the flag, funds will be lost as soon as a troublemaker shows up (but
> not, sadly, in testing). This sort of risk is magnified because the
> third party address reuser has no way to know that this sighash flag
> has (or will) be used with a particular scriptpubkey.
Absolutely agree that we should be signaling the danger of using noinput
as clearly as possible to developers, and I'm more than happy to adopt
the _unsafe suffix suggested by jb55. I think using non-sighash_all
sighashes is always a huge danger, as you have correctly pointed out, so
maybe we should be marking all of them as being unsafe, or make sure to
communicate that danger on a higher level (docs).
next prev parent reply other threads:[~2018-07-03 12:05 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-04-30 16:29 Christian Decker
2018-04-30 18:25 ` Dario Sneidermanis
2018-05-01 16:58 ` Russell O'Connor
2018-05-01 17:32 ` Christian Decker
2018-05-04 9:15 ` ZmnSCPxj
2018-05-04 11:09 ` Christian Decker
2018-05-04 14:25 ` ZmnSCPxj
2018-09-26 9:36 ` Jonas Nick
2018-09-26 19:45 ` Johnson Lau
2018-09-26 20:40 ` Jonas Nick
2018-05-07 19:40 ` Christian Decker
2018-05-07 20:51 ` Bram Cohen
2018-07-03 6:58 ` [bitcoin-dev] [Lightning-dev] " ZmnSCPxj
2018-07-03 11:54 ` William Casarin
2018-05-08 14:40 ` [bitcoin-dev] " Anthony Towns
2018-05-09 23:01 ` Olaoluwa Osuntokun
2018-05-09 23:04 ` Rusty Russell
2018-05-14 9:23 ` [bitcoin-dev] [Lightning-dev] " Anthony Towns
2018-05-15 14:28 ` Christian Decker
2018-05-07 23:47 ` [bitcoin-dev] " Olaoluwa Osuntokun
2018-05-10 14:12 ` Christian Decker
2018-07-02 18:11 ` Gregory Maxwell
2018-07-03 4:56 ` Rusty Russell
2018-07-03 5:21 ` Peter Todd
2018-07-03 23:45 ` Gregory Maxwell
2018-07-09 9:41 ` Peter Todd
2018-07-03 12:05 ` Christian Decker [this message]
2018-07-03 12:13 ` [bitcoin-dev] [Lightning-dev] " Luke Dashjr
2018-07-04 18:08 ` fred savage
2018-07-05 8:18 ` vv01f
[not found] ` <CAK_c0Xo0G9-YiOGZK_8WsYNkzjQRaH+u7XOUAozKosggXeXTNg@mail.gmail.com>
2018-07-11 7:43 ` ZmnSCPxj
2018-07-13 0:04 ` Rusty Russell
2018-07-13 9:50 ` fred savage
2018-07-13 11:07 ` Christian Decker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=871sckjzii.fsf@gmail.com \
--to=decker.christian@gmail$(echo .)com \
--cc=bitcoin-dev@lists$(echo .)linuxfoundation.org \
--cc=greg@xiph$(echo .)org \
--cc=lightning-dev@lists$(echo .)linuxfoundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox