Peter Todd [ARCHIVE] on Nostr: š Original date posted:2016-08-24 š Original message:On Thu, Aug 25, 2016 at ...
š
Original date posted:2016-08-24
š Original message:On Thu, Aug 25, 2016 at 01:37:34AM +1000, Matthew Roberts wrote:
> Really nice idea. So its like a smart contract that incentivizes
> publication that a server has been hacked? I also really like how the
> funding has been handled -- with all the coins stored in the same address
> and then each server associated with a unique signature. That way, you
> don't have to split up all the coins among every server and reduce the
> incentive for an attacker yet you can still identify which server was
> hacked.
>
> It would be nice if after the attacker broke into the server that they were
> also incentivized to act on the information as soon as possible (revealing
> early on when the server was compromised.) I suppose you could split up the
> coins into different outputs that could optimally be redeemed by the owner
> at different points in the future -- so they're incentivzed to act lest
Remember that it's _always_ possible for the owner to redeem the coins at any
time, and there's no way to prevent that.
The incentive for the intruder to collect the honeypot in a timely manner is
simple: once they've broken in, the moment the honeypot owner learns about the
compromise they have every reason to attempt to recover the funds, so the
intruder needs to act as fast as possible to maximize their chances of being
rewarded.
--
https://petertodd.org 'peter'[:-1]@petertodd.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: Digital signature
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20160824/860da896/attachment.sig>;
š Original message:On Thu, Aug 25, 2016 at 01:37:34AM +1000, Matthew Roberts wrote:
> Really nice idea. So its like a smart contract that incentivizes
> publication that a server has been hacked? I also really like how the
> funding has been handled -- with all the coins stored in the same address
> and then each server associated with a unique signature. That way, you
> don't have to split up all the coins among every server and reduce the
> incentive for an attacker yet you can still identify which server was
> hacked.
>
> It would be nice if after the attacker broke into the server that they were
> also incentivized to act on the information as soon as possible (revealing
> early on when the server was compromised.) I suppose you could split up the
> coins into different outputs that could optimally be redeemed by the owner
> at different points in the future -- so they're incentivzed to act lest
Remember that it's _always_ possible for the owner to redeem the coins at any
time, and there's no way to prevent that.
The incentive for the intruder to collect the honeypot in a timely manner is
simple: once they've broken in, the moment the honeypot owner learns about the
compromise they have every reason to attempt to recover the funds, so the
intruder needs to act as fast as possible to maximize their chances of being
rewarded.
--
https://petertodd.org 'peter'[:-1]@petertodd.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: Digital signature
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20160824/860da896/attachment.sig>;