From: Chris Stewart <chris@suredbits•com>
To: Tao Effect <contact@taoeffect•com>
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists•linuxfoundation.org>
Subject: Re: [bitcoin-dev] Updating the Scaling Roadmap
Date: Wed, 12 Jul 2017 14:34:54 -0500 [thread overview]
Message-ID: <CAGL6+mGEBhn3fjTN5APX3kQjEFjGsG_2LEL_LgXiPOP=xoAZuQ@mail.gmail.com> (raw)
In-Reply-To: <26FE0468-7049-4BE0-948F-D5E40FE2CBAC@taoeffect.com>
[-- Attachment #1: Type: text/plain, Size: 4453 bytes --]
Hi Greg,
The safest way to ensure everyone's protection to make sure *no one can do
anything*. Then we will ALL be safe ;).
>If so, please leave, you are compromising Bitcoin's security.
Ok, let's calm down.
>If I design a car that has a button that randomly causes the brakes to
give out if pressed, is that a good idea? Can I justify pushing for such a
"feature" just because it's "opt-in"?
It would be more like "should we allow a car on the road if we know
statistically that our brakes give out in every 1/100,000,000 cars"? There
is security risks with everything in life -- we need to quantify the risk
to see if it is worth taking. I think Paul has been pretty upfront about
the risks of his model. I think you did a good job of demonstrating it in
the email I cited too.
>It is how *insecure* systems are designed.
By your account bitcoin is already insecure then -- it allows anyone can
spend outputs that can be claimed by miners.
>Sure, happy to, as soon as I have it written up in detail.
I look forward to this!
-Chris
On Wed, Jul 12, 2017 at 2:24 PM, Tao Effect <contact@taoeffect•com> wrote:
> Dear Chris,
>
> I think this is an unfair characterization. You have to opt into using
> drivechains.
>
>
> I have heard this nonsense repeated countless times in order to justify
> adopting Drivechain.
>
> This is not how security works.
>
> A child can "opt-in" to using a loaded gun, but is it a good idea to make
> it easy for them to do that?
>
> No.
>
> This is effectively the same thing Drivechains is doing.
>
> It is a request to modify the Bitcoin protocol to make it easy for Bitcoin
> users to give their Bitcoins to miners.
>
> Does that sound like a good idea to anyone?
>
> If so, please leave, you are compromising Bitcoin's security.
>
> Security is about making it difficult to shoot yourself in the face.
>
> If I design a car that has a button that randomly causes the brakes to
> give out if pressed, is that a good idea? Can I justify pushing for such a
> "feature" just because it's "opt-in"?
>
> No. That is fallacy.
>
> It is not how secure systems are designed.
>
> It is how *insecure* systems are designed.
>
> Care to share? I'm unaware if there is.
>
>
> Sure, happy to, as soon as I have it written up in detail.
>
> Kind regards,
> Greg Slepak
>
> --
> Please do not email me anything that you are not comfortable also sharing with
> the NSA.
>
> On Jul 12, 2017, at 12:19 PM, Chris Stewart <chris@suredbits•com> wrote:
>
> Hi Greg,
>
> >Here, you admit that the security of the sidechains allows miners to
> steal bitcoins, something they cannot do currently.
>
> If I put my coins in an anyone can spend output, a miner will take them.
> They can do this today. I suggest you try it if you don't believe me :-).
> You have to be more specific with contract types instead of generically
> talking about 'all contracts ever'.
>
> > Drivechain is an unmistakeable weakening of Bitcoin's security
> guarantees. This you have not denied.
>
> I think this is an unfair characterization. You have to opt into using
> drivechains. Other outputs such as P2PKH/Multisig etc are unaffected by a
> drivechain output. As Pieter Wuille stated earlier in this thread (and Paul
> has stated all along), drivechain outputs have a different security model
> than other contracts. Namely they are controlled by miners. I think we can
> all agree this is unfortunate, but it is the current reality we live in. I
> look forward to the day we can solve the 'ownership' problem so we can have
> trustless interoperable blockchains, but that day is not today.
>
> As a reminder, most users will not have to go through the drivechain
> withdrawal process. Most withdrawals will be done via atomic swaps.
>
> >There is no reason to weaken Bitcoin's security in such a dramatic
> fashion. Better options are being worked on, they just take time.
>
> Care to share? I'm unaware if there is.
>
> >https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-June/014600.
> html
>
> Everyone should re-read this email though, this is something that could
> happen. Paul's design makes it so that if this occurs it is *VERY* obvious.
> I guess we can argue if there is any difference between an obvious robbery
> vs a hidden robbery, but I think if we have to pick one or the other the
> choice is clear to me. Other designs (that I'm aware of) for sidechains had
> attack vectors that weren't so obvious.
>
> -Chris
>
>
>
>
>
[-- Attachment #2: Type: text/html, Size: 7769 bytes --]
next prev parent reply other threads:[~2017-07-12 19:34 UTC|newest]
Thread overview: 57+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-07-10 16:50 Paul Sztorc
2017-07-11 16:03 ` Chris Stewart
2017-07-11 16:49 ` Adam Back
2017-07-11 20:01 ` Pieter Wuille
2017-07-11 20:36 ` Paul Sztorc
2017-07-11 21:40 ` Pieter Wuille
2017-07-11 22:49 ` Paul Sztorc
2017-07-11 21:16 ` CryptAxe
2017-07-11 20:18 ` Paul Sztorc
2017-07-11 21:31 ` Gregory Maxwell
2017-07-11 22:27 ` Paul Sztorc
2017-07-11 21:11 ` Gregory Maxwell
2017-07-11 21:40 ` Gregory Maxwell
2017-07-11 22:17 ` Paul Sztorc
2017-07-11 22:41 ` Tao Effect
2017-07-11 22:57 ` Paul Sztorc
2017-07-11 23:12 ` Tao Effect
2017-07-12 0:21 ` Paul Sztorc
2017-07-12 7:27 ` Jacob Eliosoff
2017-07-12 19:19 ` Chris Stewart
2017-07-12 19:24 ` Tao Effect
2017-07-12 19:34 ` Chris Stewart [this message]
2017-07-12 19:42 ` Tao Effect
2017-07-12 19:54 ` CryptAxe
2017-07-12 21:55 ` Tao Effect
2017-07-12 22:07 ` CryptAxe
2017-07-11 23:36 ` Bryan Bishop
2017-07-12 0:07 ` Gregory Maxwell
2017-07-12 1:40 ` Paul Sztorc
2017-07-12 2:48 ` Bryan Bishop
2017-07-12 3:33 ` Gregory Maxwell
2017-07-12 6:17 ` [bitcoin-dev] how to disable segwit in my build? Dan Libby
2017-07-13 1:04 ` Gregory Maxwell
2017-07-13 13:11 ` Federico Tenga
2017-07-13 13:39 ` Hampus Sjöberg
2017-07-13 16:19 ` Dan Libby
2017-07-13 16:35 ` Jameson Lopp
2017-07-13 21:58 ` Dan Libby
2017-07-13 22:50 ` Hampus Sjöberg
2017-07-13 23:20 ` Dan Libby
2017-07-14 8:52 ` Hampus Sjöberg
2017-07-14 9:03 ` Tier Nolan
2017-07-13 23:19 ` Lucas Clemente Vella
2017-07-13 16:05 ` Dan Libby
2017-07-14 21:11 ` Troy Benjegerdes
2017-07-13 1:48 ` Anthony Towns
2017-07-13 16:13 ` Dan Libby
2017-07-12 1:22 ` [bitcoin-dev] Updating the Scaling Roadmap Karl Johan Alm
2017-07-12 9:37 ` Tom Zander
2017-07-12 9:02 ` Tom Zander
2017-07-11 23:28 ` Anthony Towns
2017-07-17 17:13 ` [bitcoin-dev] Updating the Scaling Roadmap [Update] Paul Sztorc
2017-07-17 18:49 ` Alex Morcos
2017-07-17 20:13 ` Paul Sztorc
2017-07-17 21:50 ` Peter Todd
[not found] ` <20170717214704.ksegcrdqf3zeslah@fedora-23-dvm>
2017-07-17 22:04 ` Paul Sztorc
2017-07-11 22:26 [bitcoin-dev] Updating the Scaling Roadmap Steve Davis
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAGL6+mGEBhn3fjTN5APX3kQjEFjGsG_2LEL_LgXiPOP=xoAZuQ@mail.gmail.com' \
--to=chris@suredbits$(echo .)com \
--cc=bitcoin-dev@lists$(echo .)linuxfoundation.org \
--cc=contact@taoeffect$(echo .)com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox