s7r [ARCHIVE] on Nostr: 📅 Original date posted:2015-11-05 📝 Original message:-----BEGIN PGP SIGNED ...
📅 Original date posted:2015-11-05
📝 Original message:-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Right. Wallets are covering malleability in acceptable ways. Normal
user to user payments aren't (or at least shouldn't be) affected by
malleability.
Problems appear in second level and third level malleability, when
Alice sends txB to Bob which spends from txA which is unconfirmed. If
txA changes txid, txB becomes useless and invalidates Alice's payment.
Looking at scriptPubKeys instead of transaction IDs doesn't help in
this context.
This is the reason why some type of contracts are not workable or not
100% safe. One can't pre-sign a refund transaction with an nLockTime
in the future: the payer will provide the funding transaction ID from
which the refund tx will spend, but if the transaction ID of the
funding transaction is affected by malleability (third party
malleability, since the signer doesn't have interest to do so) the
refund tx becomes useless.
On 11/5/2015 10:25 PM, Jorge Timón via bitcoin-dev wrote:
> On Thu, Nov 5, 2015 at 8:36 PM, Luke Dashjr <luke at dashjr.org>
> wrote:
>> Ok, then my point is that "signature malleability" is not
>> particularly problematic or interesting alone, and the only way
>> to get a practically-useful solution, is to address all kinds of
>> malleability.
>
> I disagree. Segregated witnesses, for example, doesn't solve all
> kinds of malleability and is very useful in some practical cases by
> solving all signature malleability. As said, we don't want to
> eliminate all forms of malleability (for example, replace by fee),
> although we may want to "address them" at some level. As you have
> said, wallets should be looking at scriptPubKeys, not transaction
> ID, but that is orthogonal to SW, a normalized tx ID and signature
> malleability.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
iQEcBAEBCAAGBQJWO9w7AAoJEIN/pSyBJlsR2BsH+gMwxJ/isiWfJF12LJ9s4wat
Bd/K2Ld+Lyk5BRs+6rQzv5NeeYjYC3FtNFV+z1Z1dMDd752cUfEZqQA9dt9nl0E7
BEia3RSFii1k2L/4xwiIWKZM20qoiykou41J56GZrJa9SoP+9kg8iLq8CokahakP
PLjfBrTylJBsgq34foPPaOH9ckOa/RJpx3WHrRFTPhxbTCm1Ezv6jAZmYr9tTi1h
afzU0YayzLUIb9xH8vfODY2qMJ91uguTUZYCGuopDYhom5GMw8zss0kG5FdEZrEQ
Z7srQmKQ0SRMtiSlg6lg3d8TS5Mv1gIp1HcL+gtMFroi38pJS8dXT65nGjg0Epc=
=ZhVA
-----END PGP SIGNATURE-----
📝 Original message:-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Right. Wallets are covering malleability in acceptable ways. Normal
user to user payments aren't (or at least shouldn't be) affected by
malleability.
Problems appear in second level and third level malleability, when
Alice sends txB to Bob which spends from txA which is unconfirmed. If
txA changes txid, txB becomes useless and invalidates Alice's payment.
Looking at scriptPubKeys instead of transaction IDs doesn't help in
this context.
This is the reason why some type of contracts are not workable or not
100% safe. One can't pre-sign a refund transaction with an nLockTime
in the future: the payer will provide the funding transaction ID from
which the refund tx will spend, but if the transaction ID of the
funding transaction is affected by malleability (third party
malleability, since the signer doesn't have interest to do so) the
refund tx becomes useless.
On 11/5/2015 10:25 PM, Jorge Timón via bitcoin-dev wrote:
> On Thu, Nov 5, 2015 at 8:36 PM, Luke Dashjr <luke at dashjr.org>
> wrote:
>> Ok, then my point is that "signature malleability" is not
>> particularly problematic or interesting alone, and the only way
>> to get a practically-useful solution, is to address all kinds of
>> malleability.
>
> I disagree. Segregated witnesses, for example, doesn't solve all
> kinds of malleability and is very useful in some practical cases by
> solving all signature malleability. As said, we don't want to
> eliminate all forms of malleability (for example, replace by fee),
> although we may want to "address them" at some level. As you have
> said, wallets should be looking at scriptPubKeys, not transaction
> ID, but that is orthogonal to SW, a normalized tx ID and signature
> malleability.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
iQEcBAEBCAAGBQJWO9w7AAoJEIN/pSyBJlsR2BsH+gMwxJ/isiWfJF12LJ9s4wat
Bd/K2Ld+Lyk5BRs+6rQzv5NeeYjYC3FtNFV+z1Z1dMDd752cUfEZqQA9dt9nl0E7
BEia3RSFii1k2L/4xwiIWKZM20qoiykou41J56GZrJa9SoP+9kg8iLq8CokahakP
PLjfBrTylJBsgq34foPPaOH9ckOa/RJpx3WHrRFTPhxbTCm1Ezv6jAZmYr9tTi1h
afzU0YayzLUIb9xH8vfODY2qMJ91uguTUZYCGuopDYhom5GMw8zss0kG5FdEZrEQ
Z7srQmKQ0SRMtiSlg6lg3d8TS5Mv1gIp1HcL+gtMFroi38pJS8dXT65nGjg0Epc=
=ZhVA
-----END PGP SIGNATURE-----