On Thu, Mar 20, 2025 at 03:47:16PM -0700, Antoine Riard wrote: > Hi Peter, > > See also that can be relevant for taproot annex support: > https://github.com/bitcoin/bips/pull/1381 Thanks. > > 1) All non-empty annexes start with the byte 0x00, to distinguish them > > from consensus-relevant annexes. This ensures that any use of the > > annex will not conflict with future soft-forks that may assign > > meaning to the annex. > > So IIUC, it would be 1-byte: 0x00 | . Correct. When annex data finally does get a consensus meaning any encoding scheme starting with a non-zero byte will be compatible. Most likely we'll get some tag-length-value encoding scheme. Applications already using annexes who want to also take advantage of new consensus features will of course have to upgrade their encoding schemes to match. But I think that's fine. > > 2) All inputs have an annex. This ensures that use of the annex is > > opt-in, preventing transaction pinning attacks in multi-party > > protocols. This requirement may be relaxed in the future, eg to allow > > spends of keyless outputs, and/or if RBF for witness-only > > replacements is implemented. > > I think it's good to start with all inputs have an annex. It avoids > the kind of issue, like what if the annex size is inflated to downgrade > the feerate of the multi-party transaction (e.g to have a coinjoin > stucking in network mempools). Glad to hear you agree. > One thing that might be missed, without having looked to the code, is > potentially a policy transaction-relay rule to limit the max size of the > annex, to avoid the same concern than above. There shouldn't be max > limit for now, as normally the annex is not standard at all as a taproot > data field. Libre Relay has no limit on OP_Return output size; I'm not going to artificially limit annex usage either. The requirement to opt-in to annex usage should be sufficient. There is a possibility of a multi-party, annex-using, protocol where someone does a pinning attack by re-signing their transaction with a bigger annex. But witness-RBF in combination with replace-by-fee-rate will fix this, so I'm not concerned. No such protocols actually exist yet anyway, so we can figure that out later. -- https://petertodd.org 'peter'[:-1]@petertodd.org -- You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group. To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/Z-GFqu7bfDGdLSa-%40petertodd.org.