Peter Todd [ARCHIVE] on Nostr: π Original date posted:2017-02-25 π Original message:On Sat, Feb 25, 2017 at ...
π
Original date posted:2017-02-25
π Original message:On Sat, Feb 25, 2017 at 03:34:33PM -0600, Steve Davis wrote:
> Yea, well. I donβt think it is ethical to post instructions without an associated remediation (BIP) if you donβt see the potential attack.
I can't agree with you at all there: we're still at the point where the
computational costs of such attacks limit their real-world impact, which is
exactly when you want the *maximum* exposure to what they are and what the
risks are, so that people develop mitigations.
Keeping details secret tends to keep the attacks out of public view, which
might be a good trade-off in a situation where the attacks are immediately
practical and the need to deploy a fix is well understood. But we're in the
exact opposite situation.
> I was rather hoping that we could have a fuller discussion of what the best practical response would be to such an issue?
Deploying segwit's 256-bit digests is a response that's already fully coded and
ready to deploy, with the one exception of a new address format. That address
format is being actively worked on, and could be deployed relatively quickly if
needed.
--
https://petertodd.org 'peter'[:-1]@petertodd.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: Digital signature
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20170225/5ef5ac64/attachment.sig>;
π Original message:On Sat, Feb 25, 2017 at 03:34:33PM -0600, Steve Davis wrote:
> Yea, well. I donβt think it is ethical to post instructions without an associated remediation (BIP) if you donβt see the potential attack.
I can't agree with you at all there: we're still at the point where the
computational costs of such attacks limit their real-world impact, which is
exactly when you want the *maximum* exposure to what they are and what the
risks are, so that people develop mitigations.
Keeping details secret tends to keep the attacks out of public view, which
might be a good trade-off in a situation where the attacks are immediately
practical and the need to deploy a fix is well understood. But we're in the
exact opposite situation.
> I was rather hoping that we could have a fuller discussion of what the best practical response would be to such an issue?
Deploying segwit's 256-bit digests is a response that's already fully coded and
ready to deploy, with the one exception of a new address format. That address
format is being actively worked on, and could be deployed relatively quickly if
needed.
--
https://petertodd.org 'peter'[:-1]@petertodd.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: Digital signature
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20170225/5ef5ac64/attachment.sig>;