From: Tier Nolan <tier.nolan@gmail•com>
To: Bitcoin Protocol Discussion <bitcoin-dev@lists•linuxfoundation.org>
Subject: Re: [bitcoin-dev] BIP clearing house addresses
Date: Sat, 6 Aug 2016 12:13:52 +0100 [thread overview]
Message-ID: <CAE-z3OUJBVn8Ogc8gCZbJ0V_JV1UQjk0FSBjguzwgZ5kTjBTtA@mail.gmail.com> (raw)
In-Reply-To: <0b314ab7-b5ec-3468-15d7-37e07a6b592c@sky-ip.org>
[-- Attachment #1: Type: text/plain, Size: 2432 bytes --]
On Sat, Aug 6, 2016 at 11:39 AM, s7r via bitcoin-dev <
bitcoin-dev@lists•linuxfoundation.org> wrote:
> * reversal of transactions is impossible
>
I think it would be more accurate to say that the requirement is that
reversal doesn't happen unexpectedly.
If it is clear in the script that reversal is possible, then obviously the
recipient can take that into consideration.
> * keep private keys private and safe. Lose them, it's like losing cash,
> you can just forget about it.
>
Key management is a thing. Managing risk by keeping some keys offline is
an important part of that.
> * while we try hard to make 0-conf as safe as possible (if there's no
> RBF flag on the transaction), we make it almost impossible or very very
> expensive to reverse a confirmed transaction.
>
BitGo has an "instant" system where they promise to only sign one
transaction for a given output. If you trust BitGo, then this is safe from
double spending, since a double spender can't sign two transactions.
If BitGo had actually implemented a daily withdrawal limit, then their
system ends up similar to cold storage. Only 10% of the funds at Bitfinex
could have been withdrawn before manual intervention was required (with
offline keys).
Who will accept
> such an input and treat it as a payment if it can be reversed during the
> settlement layer?
Obviously, if a payment is reversible, then you treat it as a reversible
payment. The protection here relates to moving coins from the equivalent
of cold storage to hot storage.
It is OK if it takes longer, since security is more important than
convenience for coins in cold storage.
> The linked page describes that merchants will never accept payments from
> 'vaults', and it will take 24 hours for coins to be irreversible moved
> outside the 'vault'.
This relates to the reserves held by the exchange. A portion of the funds
are in hot storage with live keys. These funds can be stolen by anyone who
gets access to the servers. The remaining funds are held in cold storage
and they cannot be accessed unless you have the offline keys. These funds
are supposed to be hard to reach and require manual intervention.
I think this is a wrong approach. hacks and big losses are sad, but all
> the time users / exchanges are to blame for wrong implementations or
> terrible security practices.
>
Setting up offline keys to act as firebreaks is part of good security
practices.
[-- Attachment #2: Type: text/html, Size: 3678 bytes --]
next prev parent reply other threads:[~2016-08-06 11:13 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-08-03 18:16 Matthew Roberts
2016-08-03 21:13 ` Troy Benjegerdes
2016-08-03 23:55 ` Tier Nolan
2016-08-04 2:07 ` Matthew Roberts
2016-08-04 3:27 ` Luke Dashjr
2016-08-04 3:49 ` Andrew Johnson
2016-08-04 4:53 ` Matthew Roberts
2016-08-04 12:43 ` Erik Aronesty
2016-08-06 10:39 ` s7r
2016-08-06 11:13 ` Tier Nolan [this message]
2016-08-07 5:35 ` Matthew Roberts
2016-08-07 22:59 ` Erik Aronesty
2016-08-08 0:48 ` Matthew Roberts
2016-08-08 9:56 ` Tier Nolan
2016-08-08 10:09 ` Erik Aronesty
2016-08-08 11:01 ` Tier Nolan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAE-z3OUJBVn8Ogc8gCZbJ0V_JV1UQjk0FSBjguzwgZ5kTjBTtA@mail.gmail.com \
--to=tier.nolan@gmail$(echo .)com \
--cc=bitcoin-dev@lists$(echo .)linuxfoundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox