Luke Dashjr [ARCHIVE] on Nostr: 📅 Original date posted:2015-10-21 📝 Original message:On Wednesday, October 21, ...
📅 Original date posted:2015-10-21
📝 Original message:On Wednesday, October 21, 2015 7:39:45 AM Christian Decker wrote:
> On Wed, Oct 21, 2015 at 8:19 AM Luke Dashjr <luke at dashjr.org> wrote:
> > This doesn't completely close malleability (which should be documented in
> > the BIP), so I'm not sure it's worth the cost, especially if closing
> > malleability later on would need more. How about specifying flags upfront
> > in the UTXO-creating transaction specifying which parts the signature
> > will cover? This would allow implementation of fully malleability-proof
> > wallets.
>
> As far as I see it the only remaining venues for malleability are the use
> of sighash flags that are not SIGHASH_ALL, as mentioned in the BIP. Any use
> of non-sighash_all flags is already an explicit permission to modify the
> transactions, by adding and removing inputs and outputs, so I don't see how
> these can be made non-malleable. Am I missing something?
Signer malleability is still a notable concern needing consideration. Ideally,
wallets should be trying to actively CoinJoin, bump fees on, etc any pending
transactions in the background. These forms of malleability affect nearly as
many real use cases as third-party malleability.
Luke
📝 Original message:On Wednesday, October 21, 2015 7:39:45 AM Christian Decker wrote:
> On Wed, Oct 21, 2015 at 8:19 AM Luke Dashjr <luke at dashjr.org> wrote:
> > This doesn't completely close malleability (which should be documented in
> > the BIP), so I'm not sure it's worth the cost, especially if closing
> > malleability later on would need more. How about specifying flags upfront
> > in the UTXO-creating transaction specifying which parts the signature
> > will cover? This would allow implementation of fully malleability-proof
> > wallets.
>
> As far as I see it the only remaining venues for malleability are the use
> of sighash flags that are not SIGHASH_ALL, as mentioned in the BIP. Any use
> of non-sighash_all flags is already an explicit permission to modify the
> transactions, by adding and removing inputs and outputs, so I don't see how
> these can be made non-malleable. Am I missing something?
Signer malleability is still a notable concern needing consideration. Ideally,
wallets should be trying to actively CoinJoin, bump fees on, etc any pending
transactions in the background. These forms of malleability affect nearly as
many real use cases as third-party malleability.
Luke