Great, I'm hearing rough consensus to proceed with Pieter's plan.

RE: far from confident on malleability routes: I'm reasonably confident that we can squash malleability for IsStandard, SIGHASH_ALL transactions. A proper proof of DSA signature un-malleability (or an lower bound for how much work it would be to create a valid doppleganger signature) would be great, but I don't think it is necessary to proceed.

On Thu, Feb 20, 2014 at 9:36 AM, Gregory Maxwell <gmaxwell@gmail.com> wrote:

On Thu, Feb 20, 2014 at 6:29 AM, Gavin Andresen <gavinandresen@gmail.com> wrote:
> I think we should get Pieter's proposal done and implemented quickly. I
> agree with Mike, it doesn't have to take a long time for the core network to
> fully support this.
>
> Getting wallets to start generating transaction.version=3 might take years,
> but that is OK.

Sure I'm all for doing what Pieter suggested— it's basically the plan
we've been executing for some time already but with the version check
to make it sane to complete.

My reserved sounding comments were relative to the proposals to do
things with nversion=1 transactions, frankly I think thats completely
insane. Though while we're on the subject of reservations, I am far
from confident that we've uncovered all the possible malleability
routes— that list gained a new, never before discussed entry, when
Pieter was writing it a couple weeks ago. We also have no proof of
the absence of further algebraic malleability in DSA (though I think
its somewhat unlikely, a solid proof of it has been somewhat elusive).

--
--
Gavin Andresen