{ "founder": "wumpus", "channel": "#bitcoin-core-dev", "network": "freenode", "id": "12bc328dbf1545b09add8b8d724fadb7", "name": "#bitcoin-core-dev", "chair": "wumpus", "chairs": [ "wumpus" ], "nicks": { "wumpus": 20, "lightningbot": 2, "btcdrak": 8, "paveljanik": 6, "cfields_": 31, "gmaxwell": 46, "instagibbs": 7, "MarcoFalke": 2, "CodeShark": 16, "sipa": 51, "petertodd": 26, "jonasschnelli": 31, "luke-jr": 12, "murch": 1, "kanzure": 9, "afk11": 1, "michagogo": 1, "jeremyrubin": 3 }, "start_time": "2016-08-25T19:02:37+00:00", "end_time": "2016-08-25T19:57:10+00:00", "active": false, "original_topic": "Bitcoin Core development discussion and commit log | This is the channel for developing Bitcoin Core. Feel free to watch, but please take commentary and usage questions to #bitcoin | Channel logs: https://botbot.me/freenode/bitcoin-core-dev, http://www.erisian.com.au/bitcoin-core-dev/", "current_topic": "code signing", "messages": [ { "id": "6dbc903ee77a48b2bc4a92040323e010", "sender": "wumpus", "payload": "#startmeeting", "action": false, "timestamp": "2016-08-25T19:02:37+00:00" }, { "id": "f208175839e147d5a27d960fc202c723", "sender": "lightningbot", "payload": "Meeting started Thu Aug 25 19:02:37 2016 UTC. The chair is wumpus. Information about MeetBot at http://wiki.debian.org/MeetBot.", "action": false, "timestamp": "2016-08-25T19:02:37+00:00" }, { "id": "a26f3826327b4da382a4e78bd0fc039f", "sender": "lightningbot", "payload": "Useful Commands: #action #agreed #help #info #idea #link #topic.", "action": false, "timestamp": "2016-08-25T19:02:37+00:00" }, { "id": "a0badf28b2a14532b2eb11e912654c3c", "sender": "btcdrak", "payload": "here", "action": false, "timestamp": "2016-08-25T19:02:51+00:00" }, { "id": "31fc5e340f844980a89058959a8ec31e", "sender": "paveljanik", "payload": "I'd like to ask for more ACKs on Wshadow PRs", "action": false, "timestamp": "2016-08-25T19:02:57+00:00" }, { "id": "9b0c5f379449480c87d404a0f6e08301", "sender": "paveljanik", "payload": ";-)", "action": false, "timestamp": "2016-08-25T19:02:59+00:00" }, { "id": "0d96ba0ad540435085d618910804e6c4", "sender": "cfields_", "payload": "seconded. Will ACK/re-ACK.", "action": false, "timestamp": "2016-08-25T19:03:12+00:00" }, { "id": "cb5979e0f7fb42bf9c43cff6d9276099", "sender": "gmaxwell", "payload": "paveljanik: as you wish.", "action": false, "timestamp": "2016-08-25T19:03:18+00:00" }, { "id": "a34536c45999490b8f402ebe15477f1b", "sender": "instagibbs", "payload": "paveljanik, pr #?", "action": false, "timestamp": "2016-08-25T19:03:32+00:00" }, { "id": "d79f9e4d25e34b358f1fc524d0538dab", "sender": "cfields_", "payload": "(i caught a bug of my own with -Wshadow yesterday)", "action": false, "timestamp": "2016-08-25T19:03:34+00:00" }, { "id": "2c070fe3c1e74ac390172a1325400d9d", "sender": "instagibbs", "payload": "for those not initiated", "action": false, "timestamp": "2016-08-25T19:03:36+00:00" }, { "id": "ecba8aae40f649979a7dce6954f3e4e7", "sender": "MarcoFalke", "payload": "paveljanik: I ACKed all. Anything I missed?", "action": false, "timestamp": "2016-08-25T19:03:37+00:00" }, { "id": "7b82f2edb6cf4bb7892e9c1084aba16d", "sender": "gmaxwell", "payload": "Give the PP@.", "action": false, "timestamp": "2016-08-25T19:03:40+00:00" }, { "id": "c8664e1ee81a48de968a4affb3351424", "sender": "gmaxwell", "payload": "gr. PR#", "action": false, "timestamp": "2016-08-25T19:03:55+00:00" }, { "id": "7280f7bd572e4be1ad97743c86013bce", "sender": "MarcoFalke", "payload": "https://github.com/bitcoin/bitcoin/pulls/paveljanik", "action": false, "timestamp": "2016-08-25T19:03:59+00:00" }, { "id": "4a5b4648981f4d3fb19c4c06aa7851bb", "sender": "paveljanik", "payload": "8449, 8472, 8191, 8163, 8109", "action": false, "timestamp": "2016-08-25T19:04:20+00:00" }, { "id": "b6677a9ac5504fcc8e4a043a37ce4b8f", "sender": "paveljanik", "payload": "but yes, Marco's link is even better", "action": false, "timestamp": "2016-08-25T19:04:43+00:00" }, { "id": "38b0160929b143c8ad6d6ed000b33436", "sender": "wumpus", "payload": "anything that really needs to be discussed at the meetng?", "action": false, "timestamp": "2016-08-25T19:05:00+00:00" }, { "id": "b94668e667894456a2364e1cc618de3d", "sender": "CodeShark", "payload": "no, we've already accomplished everything - there's nothing more to do ever", "action": false, "timestamp": "2016-08-25T19:05:26+00:00" }, { "id": "0618cbe1246b4aff970c32d29e0d6d22", "sender": "gmaxwell", "payload": "woot.", "action": false, "timestamp": "2016-08-25T19:05:32+00:00" }, { "id": "69973f4981744abb83f29e2682851931", "sender": "sipa", "payload": "i'd like to bring up the various proposals for segwit DoS protection", "action": false, "timestamp": "2016-08-25T19:05:33+00:00" }, { "id": "d293e8bd5b024e40a7129fc84bd65ef1", "sender": "gmaxwell", "payload": "^", "action": false, "timestamp": "2016-08-25T19:05:38+00:00" }, { "id": "eb626cdded5f492f8c4a9554f7c2db9f", "sender": "instagibbs", "payload": "ack", "action": false, "timestamp": "2016-08-25T19:05:39+00:00" }, { "id": "e1e1e7642bd04918a91c66a0a1ec08b7", "sender": "petertodd", "payload": "ack", "action": false, "timestamp": "2016-08-25T19:05:41+00:00" }, { "id": "8e0a6ae9e4ca41b887ee59b388938d59", "sender": "btcdrak", "payload": "ack", "action": false, "timestamp": "2016-08-25T19:05:41+00:00" }, { "id": "10b0ced4e8bc49428c19525b4ab9814e", "sender": "wumpus", "payload": "well I'm very happy we finally managed to release 0.13.0, congrats everyone!", "action": false, "timestamp": "2016-08-25T19:05:47+00:00" }, { "id": "c148533e335b404cb280adccaa733355", "sender": "paveljanik", "payload": "Do we have any numbers of 0.13.0 nodes?", "action": false, "timestamp": "2016-08-25T19:05:51+00:00" }, { "id": "a9db2448c9bd41c8853b62aa23e5ad44", "sender": "cfields_", "payload": "topic suggestion: codesigning update", "action": false, "timestamp": "2016-08-25T19:05:56+00:00" }, { "id": "d23537c7a84d4f5eb101f506a17d66af", "sender": "paveljanik", "payload": "congrats to wumpus!", "action": false, "timestamp": "2016-08-25T19:05:58+00:00" }, { "id": "0e103c779e9443379a984eb8b6793629", "sender": "jonasschnelli", "payload": "is checking the 0.13 nodes on his seeder", "action": true, "timestamp": "2016-08-25T19:06:05+00:00" }, { "id": "ace3b707eef1417a8cb46094a966f900", "sender": "instagibbs", "payload": "paveljanik, few hundred ones bitnodes has reached", "action": false, "timestamp": "2016-08-25T19:06:07+00:00" }, { "id": "e343751f8d4d4bf4a8527eceb45e4d09", "sender": "btcdrak", "payload": "beer for wumpus", "action": false, "timestamp": "2016-08-25T19:06:09+00:00" }, { "id": "6521096d6d684fbfad569e3173c1e9a2", "sender": "sipa", "payload": "wumpus: congrats to all, and thanks a lot wumpus", "action": false, "timestamp": "2016-08-25T19:06:12+00:00" }, { "id": "c469a283049e485ca586a8069c54ccb6", "sender": "wumpus", "payload": "#topic proposals for segwit DoS protection", "action": false, "timestamp": "2016-08-25T19:06:13+00:00" }, { "id": "36252b37c75044df9b91d8e03bc1761b", "sender": "gmaxwell", "payload": "Some of this is more general than segwit. There as some existing minor vulnerablities that have been ignored, which were pointed out in segwit form. Good to resolve those too.", "action": false, "timestamp": "2016-08-25T19:06:21+00:00" }, { "id": "9f27ccc5e82342c18bbb2860c6c0d474", "sender": "luke-jr", "payload": "paveljanik: http://luke.dashjr.org/programs/bitcoin/files/charts/branches.html", "action": false, "timestamp": "2016-08-25T19:06:35+00:00" }, { "id": "01ae168897c04826a16d22b2e45e795e", "sender": "murch", "payload": "paveljanik: 322 (according to bitnodes)", "action": false, "timestamp": "2016-08-25T19:06:51+00:00" }, { "id": "30c6c96a20b04fcda279e8cf2e3fe830", "sender": "gmaxwell", "payload": "Congrats on 0.13. It looks like a great release.", "action": false, "timestamp": "2016-08-25T19:06:56+00:00" }, { "id": "6c5ca55d46b74041b24516dd64a374be", "sender": "jonasschnelli", "payload": "cat dnsseed.dump | grep \"0.13.0\" | grep \" 1 \" | wc -l ---> 62", "action": false, "timestamp": "2016-08-25T19:06:57+00:00" }, { "id": "b7717fecf7b74c6aabffa10dcd6adc58", "sender": "sipa", "payload": "so the main issue is #8279", "action": false, "timestamp": "2016-08-25T19:07:01+00:00" }, { "id": "22e8a905478c4ed79c994f5f87a01d1c", "sender": "jonasschnelli", "payload": "213 seeds in non-good state (probably just set up)", "action": false, "timestamp": "2016-08-25T19:07:37+00:00" }, { "id": "26e15f5e9ddc457e9a2285e1a625c5fa", "sender": "jonasschnelli", "payload": "s/seeds/nodes", "action": false, "timestamp": "2016-08-25T19:07:43+00:00" }, { "id": "5ce0ee9f417c4df884699f619b2892b9", "sender": "gmaxwell", "payload": "there are a lot more parties running it than accepting inbound, as typical.", "action": false, "timestamp": "2016-08-25T19:08:09+00:00" }, { "id": "1091de3f1f3347a494a52c65359969f7", "sender": "sipa", "payload": "and there have been several proposed solutions, including: verify all inputs (even if the transaction is too big or below feerate), not entering failed witness txn into the reject table, making feefilter mandatory, ...", "action": false, "timestamp": "2016-08-25T19:08:11+00:00" }, { "id": "348a0ab0bc0a4d76a773f460da9622e7", "sender": "jonasschnelli", "payload": "https://github.com/bitcoin/bitcoin/issues/8279", "action": false, "timestamp": "2016-08-25T19:08:30+00:00" }, { "id": "9e3f646fe4a54c4d8e5eb46a6a453ccc", "sender": "gmaxwell", "payload": "sipa: I think all of these changes are beneficial.", "action": false, "timestamp": "2016-08-25T19:08:51+00:00" }, { "id": "7f2a01325c044bb3b3e4cba1f9250413", "sender": "kanzure", "payload": "this is separate from the malleability confusion someone posted about the other day, ya?", "action": false, "timestamp": "2016-08-25T19:08:52+00:00" }, { "id": "8120f540b00742c9937bc8939d079956", "sender": "luke-jr", "payload": "sipa: making feefilter mandatory, or merely always using it?", "action": false, "timestamp": "2016-08-25T19:09:07+00:00" }, { "id": "ae7e164e8c2948aa8f25e1713522f073", "sender": "instagibbs", "payload": "kanzure, the linked github issue explains it", "action": false, "timestamp": "2016-08-25T19:09:14+00:00" }, { "id": "2b83dfef7ce745cfb2144ef36be65948", "sender": "sipa", "payload": "luke-jr: you need to be able to rely on it, and be able to ban peers who disregard it", "action": false, "timestamp": "2016-08-25T19:09:31+00:00" }, { "id": "4c5f423ef58446fbbb6a3b0664bf8626", "sender": "gmaxwell", "payload": "luke-jr: me means giving it an ack message and punting peers that violate it.", "action": false, "timestamp": "2016-08-25T19:09:33+00:00" }, { "id": "1ecfabd2113f42688f2ebaa7ce5bc940", "sender": "sipa", "payload": "luke-jr: as you're moving the responsibility for filtering things you won't accept to the sender", "action": false, "timestamp": "2016-08-25T19:10:00+00:00" }, { "id": "76e16fa8cc274091886dd0671adee8ab", "sender": "luke-jr", "payload": "ok, so <0.12 nodes wouldn't be kicked", "action": false, "timestamp": "2016-08-25T19:10:22+00:00" }, { "id": "620351b953084b59b1e21c49ab67c2df", "sender": "gmaxwell", "payload": "right.", "action": false, "timestamp": "2016-08-25T19:10:28+00:00" }, { "id": "823ccfb2c42441a2bbaa73b3833d013f", "sender": "petertodd", "payload": "segwit is a good opportunity to make feefilter mandatory, given we're completely changing what nodes we connect too", "action": false, "timestamp": "2016-08-25T19:10:31+00:00" }, { "id": "97446fd390ad415083512ffea82101e4", "sender": "kanzure", "payload": "instagibbs: for example; someone was unaware that adding witness data to a non-segwit script was consensus-invalid. but er, your link seems more productive anyway, so nevermind.", "action": false, "timestamp": "2016-08-25T19:10:34+00:00" }, { "id": "f5d3dc3ba74947a4ae22e70962be9e1a", "sender": "btcdrak", "payload": "petertodd: i think that is the plan", "action": false, "timestamp": "2016-08-25T19:11:05+00:00" }, { "id": "2f54e7e3d2094f9d859089a1a0238862", "sender": "sipa", "payload": "yes, but it seems hasty to do that along with 0.13.1", "action": false, "timestamp": "2016-08-25T19:11:20+00:00" }, { "id": "45a729966a3044759e2a2eb14a78f271", "sender": "gmaxwell", "payload": "in any case, \"verify all inputs\" was a proposal from before segwit was even imagined.", "action": false, "timestamp": "2016-08-25T19:11:58+00:00" }, { "id": "c783fb5f55174071a11cbd953be771bb", "sender": "petertodd", "payload": "sipa: sure, but 0.13.1 also \"hastily\" has to stop fetching stuff from non-segwit nodes", "action": false, "timestamp": "2016-08-25T19:12:00+00:00" }, { "id": "912ecd78f6154f34b1c97456f7bc6ec8", "sender": "sipa", "payload": "petertodd: by hasty i mean we haven't implemented/tested/... a mandatory feefilter yet", "action": false, "timestamp": "2016-08-25T19:12:19+00:00" }, { "id": "8144da5dfba7420e95390cf9452d71ad", "sender": "sipa", "payload": "we have tested the relay behaviour of segwit vs non-segwit peers", "action": false, "timestamp": "2016-08-25T19:12:29+00:00" }, { "id": "f3dd635ec186427bac4c23667207cfa9", "sender": "gmaxwell", "payload": "I believe the primary reason we didn't just make the verify all inputs change is that it was proposed before feefilter, during spam attacks, and there was a lot of rejected stuff coming from even cooperative peers. That should be resolving now.", "action": false, "timestamp": "2016-08-25T19:13:21+00:00" }, { "id": "fa21cc471b3c42bc8e2592fa0ec80dbd", "sender": "petertodd", "payload": "sipa: but thats the thing, you can just make it mandatory if the peer is a segwit peer, and leave the current behavior the same otherwise - non-segwit peers can't send us segwit txs at all (other than ones stripped of their witnesses which is easy to detect)", "action": false, "timestamp": "2016-08-25T19:13:23+00:00" }, { "id": "095e93c07b3f44a78e5718f21cc67c71", "sender": "sipa", "payload": "petertodd: we still need a new network message etc", "action": false, "timestamp": "2016-08-25T19:13:59+00:00" }, { "id": "b900d77f2bd240c48c9d2c9d67db5cca", "sender": "sipa", "payload": "otherwise peers can just ignore your feefilter", "action": false, "timestamp": "2016-08-25T19:14:13+00:00" }, { "id": "918167f9873e4e6fb212eace91eb079e", "sender": "petertodd", "payload": "sipa: maybe I'm missing something, but why do we need a new network message?", "action": false, "timestamp": "2016-08-25T19:14:29+00:00" }, { "id": "909670f31c2e41658566f0543b1fecf1", "sender": "luke-jr", "payload": "sipa: I think petertodd is saying \"segwit peers MUST NOT ignore feefilter\"", "action": false, "timestamp": "2016-08-25T19:14:31+00:00" }, { "id": "f530090617104df9b401bff097e8e4df", "sender": "gmaxwell", "payload": "petertodd: because the protocol is async, we don't know if the far end has recieved our feefilter request yet.", "action": false, "timestamp": "2016-08-25T19:14:48+00:00" }, { "id": "527fbd67b83948d3a90a2d147f66cb8b", "sender": "sipa", "payload": "petertodd: you don't know what the last feefilter message you sent is that your peer received", "action": false, "timestamp": "2016-08-25T19:14:50+00:00" }, { "id": "18ccf6402fcd46ab8cfdcd6c9aeb0106", "sender": "petertodd", "payload": "sipa: ah right, duh...", "action": false, "timestamp": "2016-08-25T19:15:15+00:00" }, { "id": "1e0334832a5a4f64b2bf3a2fd76da6cc", "sender": "gmaxwell", "payload": "so you send a feefilter, remote sends an inv.. you get the data.. oops failed filter.. Was the far end bad or just too fast?", "action": false, "timestamp": "2016-08-25T19:15:26+00:00" }, { "id": "05bc66429a1a4037aabdc5d684493e17", "sender": "gmaxwell", "payload": "so the suggestion there is to add a feefilterack, and punt peers that should send it but don't send it 'fast enough'", "action": false, "timestamp": "2016-08-25T19:15:56+00:00" }, { "id": "46ec35b11f414a408c43c7b8f622871b", "sender": "petertodd", "payload": "sipa: I had it in my head that feefilter worked the other way around, and already had a new inv with fee info...", "action": false, "timestamp": "2016-08-25T19:15:59+00:00" }, { "id": "4d02a8a98bc84e688fd7a4238317334e", "sender": "luke-jr", "payload": "are there any possible nodes where implementing feefilter would be a burden? I think we already need fee info to relay transactions anyway, right?", "action": false, "timestamp": "2016-08-25T19:15:59+00:00" }, { "id": "d35258051993417d9ad72b65d1f0f61e", "sender": "gmaxwell", "payload": "luke-jr: yes, thats part of the consideration.", "action": false, "timestamp": "2016-08-25T19:16:31+00:00" }, { "id": "35d629a337704a88a39820e78e0a9e3a", "sender": "sipa", "payload": "i expect that most of the problems are solved with just having feefilter", "action": false, "timestamp": "2016-08-25T19:16:54+00:00" }, { "id": "028d7ee2c4d043a5bab42f14870fa67b", "sender": "sipa", "payload": "and we can just do #8525 now", "action": false, "timestamp": "2016-08-25T19:17:27+00:00" }, { "id": "03012dc8ce7b4f528b1ebdf5ad46315c", "sender": "luke-jr", "payload": "hm, what if we change feerate's definition and want to get rid of the current algo some day?", "action": false, "timestamp": "2016-08-25T19:17:34+00:00" }, { "id": "2290d0ff80a34245b00da7b194259749", "sender": "sipa", "payload": "(don't store witness txn in the reject cache)", "action": false, "timestamp": "2016-08-25T19:17:36+00:00" }, { "id": "bd2bef94681f4a77843aa0181140d55d", "sender": "gmaxwell", "payload": "I think we should be able to always validate now that feefilter is in place. The only argument I recall against always validating is that that a significant fraction of all recieved txn failed the fee check. That should be much less true now.", "action": false, "timestamp": "2016-08-25T19:17:54+00:00" }, { "id": "5f49ab995c084cd696c2b5176e0c3881", "sender": "jonasschnelli", "payload": "https://github.com/bitcoin/bitcoin/pull/8525", "action": false, "timestamp": "2016-08-25T19:17:59+00:00" }, { "id": "304194aec50643aab507ee78cf61a993", "sender": "petertodd", "payload": "sipa: that could be a problem in the future if we have peers with different non-fee-related acceptance criteria than us", "action": false, "timestamp": "2016-08-25T19:18:16+00:00" }, { "id": "ea388e3174074b97b4650ef31e8e1b9a", "sender": "CodeShark", "payload": "I kinda like the idea of an inv with fee data - slightly larger messages but no need for state", "action": false, "timestamp": "2016-08-25T19:18:25+00:00" }, { "id": "051d82ed71f74954b5aecdfdbbdcd76e", "sender": "gmaxwell", "payload": "reject cache was 90% implemented for lack of a fee filter.", "action": false, "timestamp": "2016-08-25T19:18:30+00:00" }, { "id": "c39b7041d6b84bf193012829db8256e3", "sender": "sipa", "payload": "gmaxwell: that would open up many attacks... i don't think those are impossible to fix, but it needs a lot of analysis", "action": false, "timestamp": "2016-08-25T19:18:43+00:00" }, { "id": "1ff877b58277431eb3b14701e99d3af1", "sender": "gmaxwell", "payload": "I disagree.", "action": false, "timestamp": "2016-08-25T19:18:54+00:00" }, { "id": "c78336dca9d44e0495784489e880acf8", "sender": "sipa", "payload": "i like the idea of always validating (as #8593 does), but it feels risky", "action": false, "timestamp": "2016-08-25T19:19:21+00:00" }, { "id": "493cb16d0ee74501a1f5f03869b1cfea", "sender": "gmaxwell", "payload": "An uncached UTXO lookup eclipses the validation costs on most systems by orders of magnitude.", "action": false, "timestamp": "2016-08-25T19:19:27+00:00" }, { "id": "3748fb87e3de49628ecc63ffedfff3b1", "sender": "petertodd", "payload": "gmaxwell: yeah, I don't see how an attacker who can DoS attack by sending specially crafted txs is ever stopped by the other validation rules, and yes, UTXO looking is expensive too", "action": false, "timestamp": "2016-08-25T19:19:51+00:00" }, { "id": "3a2aa0ac41aa49adbefdfcf862292a95", "sender": "CodeShark", "payload": "can't we consider extreme cases?", "action": false, "timestamp": "2016-08-25T19:20:12+00:00" }, { "id": "14630db9d8f54fe48fca5de50e1d76ad", "sender": "CodeShark", "payload": "what's the maximum possible validation cost for a single transaction?", "action": false, "timestamp": "2016-08-25T19:20:31+00:00" }, { "id": "d013710d00184cf085e0c0fefff59bcb", "sender": "sipa", "payload": "huge... remember we can't have any feerate or size based rejection criteria beforehand", "action": false, "timestamp": "2016-08-25T19:21:01+00:00" }, { "id": "bb68adc7d7da42af9c2ee6c91e3c22ec", "sender": "gmaxwell", "payload": "well you can have a stripped size limit.", "action": false, "timestamp": "2016-08-25T19:21:33+00:00" }, { "id": "fd58641fa6aa4bc99a46d4c0f5fdee64", "sender": "sipa", "payload": "yes, #8593 does that", "action": false, "timestamp": "2016-08-25T19:21:54+00:00" }, { "id": "3ef7b34a3a5a4e438c549056cbfdca84", "sender": "sipa", "payload": "but you can't use fee", "action": false, "timestamp": "2016-08-25T19:21:59+00:00" }, { "id": "4fff110afa50471ab71a477dd29e2e44", "sender": "sipa", "payload": "or at least not actual feerate, only stripped-size-feerate", "action": false, "timestamp": "2016-08-25T19:22:19+00:00" }, { "id": "374b3b16ec0b4152a0feeceb538640a0", "sender": "CodeShark", "payload": "I'm not sure if this is what petertodd was referring to above - but I was imagining an inv that sends not just transaction hash - it also sends fee amount and tx size", "action": false, "timestamp": "2016-08-25T19:22:53+00:00" }, { "id": "1bf9a86b0a954ffcb047b1df4653746a", "sender": "petertodd", "payload": "sipa: so, an attacker who was trying to DoS attack you would just pay enough fee, with a tx that triggered O(n^2) complexity", "action": false, "timestamp": "2016-08-25T19:23:11+00:00" }, { "id": "9d3d7b945b0143fd9d0047a84cbbb005", "sender": "petertodd", "payload": "sipa: so I don't see the value of feerate in preventing DoS attack there anyway", "action": false, "timestamp": "2016-08-25T19:23:31+00:00" }, { "id": "a4a55db39de24aeb887244f6a4530c48", "sender": "sipa", "payload": "an attacker can now craft a very expensive valid transaction that has a feerate too low to be acceptable to you, but stripped-size-feerate high enough", "action": false, "timestamp": "2016-08-25T19:23:41+00:00" }, { "id": "0a37a5c9e2734fb1990c5bb1bf6dcb71", "sender": "sipa", "payload": "and you'll validate it, but not relay", "action": false, "timestamp": "2016-08-25T19:23:50+00:00" }, { "id": "106f758a6b574e9bb167fdc3458bef8d", "sender": "gmaxwell", "payload": "CodeShark: improved invs are a fine thing, longer term (though we should be spending our time on reconcillation, IMO) -- but I think the focus of the discussion is on shorter term since we likely need some improvements for 0.13.", "action": false, "timestamp": "2016-08-25T19:24:43+00:00" }, { "id": "7ea5eb1a4bc9406ea99df50a98b0abed", "sender": "petertodd", "payload": "right, but relaying is worse! we're then attacking others, and there's still no guarantee the tx will get mined, allowing the attacker to doublespend and repeat", "action": false, "timestamp": "2016-08-25T19:24:47+00:00" }, { "id": "9bb477ba544f4758a5244779cec1697d", "sender": "sipa", "payload": "petertodd: well in no case will any of this relay", "action": false, "timestamp": "2016-08-25T19:25:03+00:00" }, { "id": "43f93754efb84e639b1307d7d06ce9cc", "sender": "gmaxwell", "payload": "An alternative jl2012 suggested to validating all was to randomly validate some percentage. This will allow you to punt a peer sending you garbage, but you only take a fraction of the cost.", "action": false, "timestamp": "2016-08-25T19:25:16+00:00" }, { "id": "341733623f774089bb073297432aa2a3", "sender": "CodeShark", "payload": "gmaxwell: it seems simpler to just create a new static inv structure than to have to manage session states and do feefilteracks and stuff like that", "action": false, "timestamp": "2016-08-25T19:26:11+00:00" }, { "id": "9723abda66584a05978be83c8f670e54", "sender": "petertodd", "payload": "sipa: sure, so then why not kick peers that send us DoS attack txs? IsStandard() has been around long enough that we could get away with that", "action": false, "timestamp": "2016-08-25T19:26:41+00:00" }, { "id": "872dcc665fd94fe09dc6b66babe3b797", "sender": "sipa", "payload": "CodeShark: i think mandatory feefilter is a better solution than adding 10 kB of data to each inv", "action": false, "timestamp": "2016-08-25T19:27:04+00:00" }, { "id": "bbcae7e5b26f40b6bf589bbb2d8083a6", "sender": "gmaxwell", "payload": "CodeShark: not so, right now inv bandwidth is already _greater_ than transaction bandwidth. You can't really escape the need to have people not send you things you're totally disinterested in.", "action": false, "timestamp": "2016-08-25T19:27:10+00:00" }, { "id": "92de374691ce414b9eb753d0af1f96bb", "sender": "CodeShark", "payload": "10kB of data?", "action": false, "timestamp": "2016-08-25T19:28:05+00:00" }, { "id": "c136a471737a40f8a75448ca128ff3fc", "sender": "CodeShark", "payload": "the fee is uint64 and the tx size is varint", "action": false, "timestamp": "2016-08-25T19:28:26+00:00" }, { "id": "91da07d76e9b475aa0d6ac1f78757782", "sender": "sipa", "payload": "CodeShark: txid, wtxid, fee, feerate, stripped feerate, size, sigops, bytes hashed, ... anything else that may affect your policy", "action": false, "timestamp": "2016-08-25T19:28:35+00:00" }, { "id": "f5009aca43ca46d8be0ca93dd6b957a9", "sender": "CodeShark", "payload": "ok, fair enough", "action": false, "timestamp": "2016-08-25T19:28:48+00:00" }, { "id": "644b4e6fbbd74bd6896e0801bff260ae", "sender": "sipa", "payload": "inv bandwidth is larger than tx bandwidth by a factor of 5 on my node", "action": false, "timestamp": "2016-08-25T19:28:56+00:00" }, { "id": "7dd298c9e9434a7ba2569edb24d86d43", "sender": "luke-jr", "payload": "sipa: let's make it configurable! /s", "action": false, "timestamp": "2016-08-25T19:29:05+00:00" }, { "id": "e1ebcce4227241398ef1618cf4e04628", "sender": "sipa", "payload": "and that's between feefilter nodes", "action": false, "timestamp": "2016-08-25T19:29:25+00:00" }, { "id": "f1ed4664b14d458a90e098b394779a42", "sender": "sipa", "payload": "so... do we think jl2012's approach of validating everything (or a fraction thereof) is the way to go for 0.13.1", "action": false, "timestamp": "2016-08-25T19:30:22+00:00" }, { "id": "908d1cab26164f7095667eb8cf199122", "sender": "sipa", "payload": "?", "action": false, "timestamp": "2016-08-25T19:30:25+00:00" }, { "id": "4eddda2f0de6462ca837f797368d9420", "sender": "CodeShark", "payload": "I haven't done the math", "action": false, "timestamp": "2016-08-25T19:30:36+00:00" }, { "id": "e95e83fa869c473aaaad8575423a2be7", "sender": "sipa", "payload": "the code is simple at least", "action": false, "timestamp": "2016-08-25T19:30:36+00:00" }, { "id": "108d59fae6c64e2bb1f4e16639c4950e", "sender": "sipa", "payload": "CodeShark: getpeerinfo", "action": false, "timestamp": "2016-08-25T19:30:48+00:00" }, { "id": "5ba4ab6be1784ee9bff9aae0e11fae76", "sender": "sipa", "payload": "shows bytes per message", "action": false, "timestamp": "2016-08-25T19:30:54+00:00" }, { "id": "3bfefc8aeaa54b1a9a6c45362e6171a8", "sender": "gmaxwell", "payload": "This is why I think we need reconciliation for any inv improvement long term.", "action": false, "timestamp": "2016-08-25T19:30:56+00:00" }, { "id": "10b531a1f0a541bba2c03b5919d37e7a", "sender": "sipa", "payload": "yes", "action": false, "timestamp": "2016-08-25T19:31:04+00:00" }, { "id": "24eb6396892047ed97b9651866570b94", "sender": "sipa", "payload": "but the meeting time is half, let's not stray too far", "action": false, "timestamp": "2016-08-25T19:31:13+00:00" }, { "id": "6c9976dc83334134969ccc43c00665c6", "sender": "sipa", "payload": "i'd like to know what we're going to do for 0.13.1", "action": false, "timestamp": "2016-08-25T19:31:21+00:00" }, { "id": "9548eab9b1e54b4495bfe48656466946", "sender": "instagibbs", "payload": "sipa, your guess is as ~~good as~~ better than mine", "action": false, "timestamp": "2016-08-25T19:31:26+00:00" }, { "id": "e1979dcd64834592bb9ab7b9d2021bb1", "sender": "CodeShark", "payload": "sipa: I mean, I haven't done the math for validation cost edge cases", "action": false, "timestamp": "2016-08-25T19:31:28+00:00" }, { "id": "75f36a64ac634695810245feb3ca0dac", "sender": "gmaxwell", "payload": "sipa: I jl2012's sampling suggestion is a pretty good idea, coupled with not reject filtering them.", "action": false, "timestamp": "2016-08-25T19:31:35+00:00" }, { "id": "8ddcadc9b8054877a389ef9854a463b7", "sender": "sipa", "payload": "gmaxwell: right... either fully validate, or don't store in reject", "action": false, "timestamp": "2016-08-25T19:32:22+00:00" }, { "id": "37a2647344f140ddb3311ccd4cfeb9e6", "sender": "sipa", "payload": "i like", "action": false, "timestamp": "2016-08-25T19:32:41+00:00" }, { "id": "f24a9676c3914a119f10b7cd334ed143", "sender": "sipa", "payload": "ok, other topics?", "action": false, "timestamp": "2016-08-25T19:32:53+00:00" }, { "id": "4507234fb3bf481a9a6bc4ba4bfe6261", "sender": "petertodd", "payload": "I suspect we'd be better off kicking peers who send us >100KB txs", "action": false, "timestamp": "2016-08-25T19:32:55+00:00" }, { "id": "bed3f3b7aeed4a1db7ae2fe458029cd9", "sender": "petertodd", "payload": "(rather than any kind of probabalistic thing)", "action": false, "timestamp": "2016-08-25T19:33:09+00:00" }, { "id": "22efb2043a66467aa4ca906d663bf7a5", "sender": "afk11", "payload": "hardware signing BIP?", "action": false, "timestamp": "2016-08-25T19:33:28+00:00" }, { "id": "ff61abd6787e4db7a947e6a943ec2143", "sender": "sipa", "payload": "there were a few other topic ideas before", "action": false, "timestamp": "2016-08-25T19:33:50+00:00" }, { "id": "13a591c4392f4d5288067671a27c3194", "sender": "wumpus", "payload": "#topic code signing", "action": false, "timestamp": "2016-08-25T19:34:18+00:00" }, { "id": "83243ab87633459aa180f43a7d73922a", "sender": "petertodd", "payload": "afk11: that's off-topic to Bitcoin Core development right now", "action": false, "timestamp": "2016-08-25T19:34:19+00:00" }, { "id": "1b1ac42a23b8481f8d8a4b4bdc9a3da5", "sender": "gmaxwell", "payload": "petertodd: yes, we can do that-- and I think we should--, but I think it's not sufficient.", "action": false, "timestamp": "2016-08-25T19:34:20+00:00" }, { "id": "3b40efea5b184130a006d87361aacdeb", "sender": "wumpus", "payload": "@cfields_", "action": false, "timestamp": "2016-08-25T19:34:21+00:00" }, { "id": "86e05f10cd2d45a695b8b222cebaca08", "sender": "wumpus", "payload": "petertodd: it's on topic for the future though", "action": false, "timestamp": "2016-08-25T19:34:37+00:00" }, { "id": "fbe62bb0303e4a758ed2d1ade2328b89", "sender": "petertodd", "payload": "gmaxwell: well, I mean in combination with fully validating", "action": false, "timestamp": "2016-08-25T19:34:39+00:00" }, { "id": "42efd88e9b164194a143d64cc58c75b5", "sender": "petertodd", "payload": "wumpus: sure, why I said \"right now\" :)", "action": false, "timestamp": "2016-08-25T19:34:49+00:00" }, { "id": "bf0a105a14fd4fdbb1b6600659e09e89", "sender": "gmaxwell", "payload": "petertodd: okay. lets talk after meeting.", "action": false, "timestamp": "2016-08-25T19:34:52+00:00" }, { "id": "dcea9f5d5d824dc5bd22473c84ad4196", "sender": "cfields_", "payload": "so, i just wanted to bring this up before i finish the work, in case anyone has any suggestions for improvements", "action": false, "timestamp": "2016-08-25T19:35:02+00:00" }, { "id": "00d4e5d3849a416ba8824a786cb0b93f", "sender": "cfields_", "payload": "https://github.com/theuni/osx-codesign", "action": false, "timestamp": "2016-08-25T19:35:04+00:00" }, { "id": "efe381dbc4bc49a994fe3a16d2a3d4a4", "sender": "cfields_", "payload": "I have a working codesigner for osx from linux, so an osx machine is no longer needed for the release process", "action": false, "timestamp": "2016-08-25T19:35:21+00:00" }, { "id": "29c69f47841542bea36d3ba113f00ec7", "sender": "gmaxwell", "payload": "\\O/", "action": false, "timestamp": "2016-08-25T19:35:38+00:00" }, { "id": "3bdac3f23d5c43c3b5ddc7e1a8eb83b9", "sender": "sipa", "payload": "great", "action": false, "timestamp": "2016-08-25T19:35:47+00:00" }, { "id": "b3d4975541d44ebfad933102ba005283", "sender": "cfields_", "payload": "but i'm curious to see if anyone has any suggstions for more complicated/distributed signing schemes, before just implementing it as it was before", "action": false, "timestamp": "2016-08-25T19:35:48+00:00" }, { "id": "be024186293a492ca7ff8ba34b37ce96", "sender": "CodeShark", "payload": "cfields_: nice", "action": false, "timestamp": "2016-08-25T19:35:55+00:00" }, { "id": "2404f7b89cdd4459a9dfc214b19aee0f", "sender": "btcdrak", "payload": "cfields_ except for extracting the MacOS SDK...", "action": false, "timestamp": "2016-08-25T19:35:57+00:00" }, { "id": "81ee3622362240ba9e308c46d3068856", "sender": "jonasschnelli", "payload": "cfields_: very nice. Lots of devs are looking for something!", "action": false, "timestamp": "2016-08-25T19:35:58+00:00" }, { "id": "cacdd27c7d7e4ee2bb8af7c5683e276b", "sender": "jonasschnelli", "payload": "like that", "action": false, "timestamp": "2016-08-25T19:36:01+00:00" }, { "id": "47a90998168c494d8b770cd0f14caf99", "sender": "wumpus", "payload": "cfields_: nice work!", "action": false, "timestamp": "2016-08-25T19:36:05+00:00" }, { "id": "e9a0c9dad194487a9793c732885e494e", "sender": "sipa", "payload": "cfields_: what cryptography does it use?", "action": false, "timestamp": "2016-08-25T19:36:26+00:00" }, { "id": "d3067c7b924d47369f8acf8f0fccf49b", "sender": "cfields_", "payload": "(as of now it produces valid signed binaries given very specific constraints, it just needs to be tidied up and plugged into gitian)", "action": false, "timestamp": "2016-08-25T19:36:28+00:00" }, { "id": "3cb9f2e754f54b01925ea8e2477332b5", "sender": "luke-jr", "payload": "cfields_: plugged into gitian?", "action": false, "timestamp": "2016-08-25T19:36:48+00:00" }, { "id": "b0c025d57ac14e8ca1c2c2b09de30108", "sender": "petertodd", "payload": "cfields_: nice license!", "action": false, "timestamp": "2016-08-25T19:36:53+00:00" }, { "id": "2b59f768a4b1445596f8a79d68438ae1", "sender": "jonasschnelli", "payload": "GNU AFFERO GENERAL PUBLIC LICENSE,... hell!", "action": false, "timestamp": "2016-08-25T19:37:10+00:00" }, { "id": "317d70f66aa7413d80f0768b061c61ee", "sender": "gmaxwell", "payload": ":)", "action": false, "timestamp": "2016-08-25T19:37:25+00:00" }, { "id": "7ee4f8df0ff94a6f95f7918b63b4a121", "sender": "luke-jr", "payload": "agrees it's a good choice of license. \u00c3\u00a2\u00c2\u0098\u00c2\u00ba", "action": true, "timestamp": "2016-08-25T19:37:41+00:00" }, { "id": "27e8f5b7206a47949e76b937b180b8d5", "sender": "cfields_", "payload": "sipa: there's no choice in that, i haven't even looked into the signature type", "action": false, "timestamp": "2016-08-25T19:37:41+00:00" }, { "id": "60fa5e8f2fc34f55886f9207b4d5902d", "sender": "gmaxwell", "payload": "If it is RSA or schnorr we can secret share the key.", "action": false, "timestamp": "2016-08-25T19:37:54+00:00" }, { "id": "57d293620c534fc8a26823e2b6e1756d", "sender": "cfields_", "payload": "sipa: it basically collects all of the files to be embedded, creates a custom wonky structure out of them, signs, and embeds the final hash in the binary", "action": false, "timestamp": "2016-08-25T19:38:14+00:00" }, { "id": "affd26f866ec4c03b106022fafa5ef52", "sender": "petertodd", "payload": "jonasschnelli: I like AGPL because I'm not stinkin' commie", "action": false, "timestamp": "2016-08-25T19:38:21+00:00" }, { "id": "681967276cfd41a5939a8c604e791e3e", "sender": "cfields_", "payload": "along with a mostly redundant detached xml with the same hashes", "action": false, "timestamp": "2016-08-25T19:38:39+00:00" }, { "id": "61cbf142bf6e489f8a1bc0d6739b4637", "sender": "gmaxwell", "payload": "cfields_: how are you signing if you don't know how it's signing? :)", "action": false, "timestamp": "2016-08-25T19:38:45+00:00" }, { "id": "fa79a60a72be4fe2aa706c42708a668d", "sender": "cfields_", "payload": "sorry, not my license choice. 99% of the code is borrowed from an ios tool", "action": false, "timestamp": "2016-08-25T19:39:01+00:00" }, { "id": "08201e87686d4afb86cb1b931ebf4709", "sender": "jonasschnelli", "payload": "I guess you need to update \"sudo xcode-select --switch /Applications/Xcode-4.6.3.app\"", "action": false, "timestamp": "2016-08-25T19:39:31+00:00" }, { "id": "861b6ced13314dd7bfda05b3a98520e4", "sender": "cfields_", "payload": "gmaxwell: PKCS7_sign(), openssl does the hard work :)", "action": false, "timestamp": "2016-08-25T19:39:35+00:00" }, { "id": "f90ceec0175a46b49501616ac5bb6ff6", "sender": "gmaxwell", "payload": "nothing wrong with AGPL for a tool like this, licensing is a tool.", "action": false, "timestamp": "2016-08-25T19:39:37+00:00" }, { "id": "db19583a7d774a0e97effe59d73667d1", "sender": "jonasschnelli", "payload": "Hard to download older version of Xcode", "action": false, "timestamp": "2016-08-25T19:39:38+00:00" }, { "id": "58bdaaeec11147cfaa1e46985a25522b", "sender": "gmaxwell", "payload": "cfields_: how big is the signature? :P", "action": false, "timestamp": "2016-08-25T19:39:47+00:00" }, { "id": "553f97a80c54401b8c4b1106e0232f15", "sender": "cfields_", "payload": "gmaxwell: i can dump you some samples after the meeting", "action": false, "timestamp": "2016-08-25T19:40:23+00:00" }, { "id": "c4f4426b8b24417abcc0bb3a9104161a", "sender": "gmaxwell", "payload": "great, in any case, I'd like to talk about integrating multiparty signing into it. it might be easy to accomplish.", "action": false, "timestamp": "2016-08-25T19:40:44+00:00" }, { "id": "8754c34f7df044d5abf224cbf8c4e955", "sender": "cfields_", "payload": "but back to the point: is anyone interested in coming up with a signing scheme that deviates from what we have now?", "action": false, "timestamp": "2016-08-25T19:40:47+00:00" }, { "id": "c88a0367cdd64ccea386849384fd2bf3", "sender": "cfields_", "payload": "oh, i suppose that's why you want to know about sig type :)", "action": false, "timestamp": "2016-08-25T19:41:11+00:00" }, { "id": "c6affc5fe2264722aedf3741a496be25", "sender": "gmaxwell", "payload": "Yes.", "action": false, "timestamp": "2016-08-25T19:41:18+00:00" }, { "id": "5220f2a045c24458afb0d9b4f2111c82", "sender": "sipa", "payload": "yes.", "action": false, "timestamp": "2016-08-25T19:41:23+00:00" }, { "id": "f6c84020d70b40c48e55a32c8b94fde7", "sender": "jonasschnelli", "payload": "gmaxwell: my OSX code signing certs are RSA 2048 Bit", "action": false, "timestamp": "2016-08-25T19:41:28+00:00" }, { "id": "8d14058feade4f0f840ec9d947d35701", "sender": "michagogo", "payload": "cfields_: your signer is missing a README", "action": false, "timestamp": "2016-08-25T19:41:45+00:00" }, { "id": "914a6f85caf34518b73ac3c2477a9323", "sender": "petertodd", "payload": "cfields_: I'm already working on codesigning as my first application for dex", "action": false, "timestamp": "2016-08-25T19:41:50+00:00" }, { "id": "df180070f86343209041a58c4d925ec5", "sender": "sipa", "payload": "oh, let's just switch bitcoin to use prime factoring as PoW", "action": false, "timestamp": "2016-08-25T19:42:01+00:00" }, { "id": "adcd614772d2468290eafd6aaae9b929", "sender": "cfields_", "payload": "same here, what i'm not sure about is how much you're allowed to change around the sig format", "action": false, "timestamp": "2016-08-25T19:42:11+00:00" }, { "id": "314c265416f249e39b9d59d97930af01", "sender": "cfields_", "payload": "(for osx, the signing cert must be signed by apple)", "action": false, "timestamp": "2016-08-25T19:42:44+00:00" }, { "id": "ef2bc5a64505497c8d78931b61be3668", "sender": "wumpus", "payload": "yes, IIRC PKCS7 is simply RSA wrapped in ASN.1 mess", "action": false, "timestamp": "2016-08-25T19:42:49+00:00" }, { "id": "c864d0f8fd0f4ff2ba60f88c961ffd64", "sender": "cfields_", "payload": "yes", "action": false, "timestamp": "2016-08-25T19:43:12+00:00" }, { "id": "3c01b5437f4d43c7a655dbb94a31951b", "sender": "cfields_", "payload": "and apple adds a weird little scripting language around 'designated requirements'", "action": false, "timestamp": "2016-08-25T19:43:25+00:00" }, { "id": "5b1af5482c9d456894df9c77867a52ba", "sender": "wumpus", "payload": "congrats on cracking that :)", "action": false, "timestamp": "2016-08-25T19:43:35+00:00" }, { "id": "b86d0ae00be649fd807a971773460909", "sender": "sipa", "payload": "cfields_: well there could be several signers, and we get a cert for the combined key?", "action": false, "timestamp": "2016-08-25T19:43:37+00:00" }, { "id": "c98c7aa5efd847fda1c8248460606d9c", "sender": "jonasschnelli", "payload": "The question is, does code-signing really increases the security of bitcoin-core...", "action": false, "timestamp": "2016-08-25T19:43:50+00:00" }, { "id": "95f40aa613c640539d15ad32ee8c3f22", "sender": "cfields_", "payload": "so you can add other restrictions, but again, i'm not sure how much apple lets you deviate from the default", "action": false, "timestamp": "2016-08-25T19:44:05+00:00" }, { "id": "e83a60215acd40f4a15c219efa5d070b", "sender": "luke-jr", "payload": "jonasschnelli: imagine where common gitian builders all sign themselves and combine the sig", "action": false, "timestamp": "2016-08-25T19:44:11+00:00" }, { "id": "664880ac6cd746dc8b13bc8ab9615da4", "sender": "gmaxwell", "payload": "the straightforward way of doing threshold RSA needs a trusted dealer. but at least its multiparty after setup.", "action": false, "timestamp": "2016-08-25T19:44:12+00:00" }, { "id": "c4c2ddea70d84aaf84d9e14d43692bed", "sender": "petertodd", "payload": "jonasschnelli: I suspect the code-signature-verification is what increases the security of bitcoin-core :)", "action": false, "timestamp": "2016-08-25T19:44:19+00:00" }, { "id": "f1306e94c53d4b6bad729a8b67e05e5b", "sender": "jonasschnelli", "payload": "petertodd: i rather say verifing of gitian signatures...", "action": false, "timestamp": "2016-08-25T19:44:34+00:00" }, { "id": "d92d6274e5c348508a0a726a417de9ad", "sender": "luke-jr", "payload": "jonasschnelli: essentially we'd get the OS to verify the gitian builds in this case", "action": false, "timestamp": "2016-08-25T19:44:44+00:00" }, { "id": "25b93b354e5e4e9b9bf3941ccb51345b", "sender": "cfields_", "payload": "jonasschnelli: yes and no. the code-signing itself, not really. but code-signing does allow you to force-on the osx sandbox, which is interesting for security", "action": false, "timestamp": "2016-08-25T19:44:45+00:00" }, { "id": "26ea1f9c4d9948b2bbe6b1e6a8315735", "sender": "jonasschnelli", "payload": "OSX code signatures are from \"Bitcoin Foundation\"... anyone could hold the key", "action": false, "timestamp": "2016-08-25T19:44:49+00:00" }, { "id": "a4560d408e1f4a0c942e07caa1c31dab", "sender": "sipa", "payload": "i'm sure we can get a new cert", "action": false, "timestamp": "2016-08-25T19:45:03+00:00" }, { "id": "3610d7b809b84c9f925e7c678134e6b0", "sender": "petertodd", "payload": "jonasschnelli: the gitian signatures aren't ever going to be much more secure than the code signatures", "action": false, "timestamp": "2016-08-25T19:45:08+00:00" }, { "id": "6ff50efeb560454ea917ca98be9ddc90", "sender": "jonasschnelli", "payload": "cfields_: Yes. But thats just a restrriction from apple...", "action": false, "timestamp": "2016-08-25T19:45:11+00:00" }, { "id": "a161bea6af61485da8c254da80b02121", "sender": "cfields_", "payload": "jonasschnelli: (we haven't messed with the sandboxing yet, afaik)", "action": false, "timestamp": "2016-08-25T19:45:13+00:00" }, { "id": "aaa3400c47974ec4839b28414b71fa71", "sender": "jonasschnelli", "payload": "and sandboxing is impossible for bitcoin core right now", "action": false, "timestamp": "2016-08-25T19:45:18+00:00" }, { "id": "ec646a9b8e13404bb2846ba4bfd7a34b", "sender": "petertodd", "payload": "jonasschnelli: also, lots of people don't use the gitian builds (I've never personally run one)", "action": false, "timestamp": "2016-08-25T19:45:23+00:00" }, { "id": "b7e51898badf4a8d95e0ec7616fead77", "sender": "gmaxwell", "payload": "We can get a new cert and we should improve the maintaince of it so no one person needs to hold the key-- it's a good practice.", "action": false, "timestamp": "2016-08-25T19:45:26+00:00" }, { "id": "98c635f769dd4c959ff6bfa4a9429c12", "sender": "kanzure", "payload": "someone should make sure to watch petertodd do a gitian build in milan :)", "action": false, "timestamp": "2016-08-25T19:45:45+00:00" }, { "id": "2207cd8edfcf48c683e282720b1f6095", "sender": "cfields_", "payload": "jonasschnelli: ah ok, i've been meaning to look into it. if you already have, i'm very curious to hear your thoughts after the meeting", "action": false, "timestamp": "2016-08-25T19:45:48+00:00" }, { "id": "b0d92723cd424c6c9612a22ee3d70eeb", "sender": "jonasschnelli", "payload": "cfields_: sure. But nice work! Linux based OSX/iOS code signing is highly appriciated by lots of devs.", "action": false, "timestamp": "2016-08-25T19:46:28+00:00" }, { "id": "43a74f6727764b29a76bccfc4e5df8d7", "sender": "cfields_", "payload": "just to reiterate though: osx-codesign is 99% ripped from a tool from Saurek. I just ported to osx and updated.", "action": false, "timestamp": "2016-08-25T19:46:33+00:00" }, { "id": "bd31e9d92a84431abde502d6610b7521", "sender": "kanzure", "payload": "saurik", "action": false, "timestamp": "2016-08-25T19:46:39+00:00" }, { "id": "b588b5705a4c49749de35d501a64aeeb", "sender": "cfields_", "payload": "*Saurik. Thanks.", "action": false, "timestamp": "2016-08-25T19:46:46+00:00" }, { "id": "d15b07ef76c649c7afe4db6f29d1f489", "sender": "sipa", "payload": "saurik?", "action": false, "timestamp": "2016-08-25T19:47:04+00:00" }, { "id": "775d53b4ac1b4c50b90382c7c948bb68", "sender": "cfields_", "payload": "jonasschnelli: right, mostly I got tired of having to have my macbook for signing.", "action": false, "timestamp": "2016-08-25T19:47:09+00:00" }, { "id": "192af8c09e7d49ceab1cd3b868ee8a39", "sender": "kanzure", "payload": "/whois saurik", "action": false, "timestamp": "2016-08-25T19:47:16+00:00" }, { "id": "76e80dea567c49f796c2f841909f7610", "sender": "cfields_", "payload": "and it limits the amount of people who can do the signing", "action": false, "timestamp": "2016-08-25T19:47:23+00:00" }, { "id": "71efb43ffcea4089b5a861c62d5627bd", "sender": "jonasschnelli", "payload": "Indeed", "action": false, "timestamp": "2016-08-25T19:47:36+00:00" }, { "id": "0d069b08e3c04cc6a4422a4a6428c0e3", "sender": "jonasschnelli", "payload": "though you can run a OSX VM on a Linux machine. :)", "action": false, "timestamp": "2016-08-25T19:47:46+00:00" }, { "id": "ad2a2f4711774865a01d5024ab36ec47", "sender": "cfields_", "payload": "heh", "action": false, "timestamp": "2016-08-25T19:47:57+00:00" }, { "id": "b02a97acc08643d59cf9732edd3b9d4e", "sender": "jonasschnelli", "payload": "(and violate apples TOC)", "action": false, "timestamp": "2016-08-25T19:47:58+00:00" }, { "id": "b267ca02ff184e209d80ac0aa1e1b662", "sender": "luke-jr", "payload": "peers at his common channels with saurik", "action": true, "timestamp": "2016-08-25T19:48:02+00:00" }, { "id": "8ec7760fa8a44b3e8d1d7a6a396076c9", "sender": "gmaxwell", "payload": "cfields_: so I think good job, continue on, and I (and sipa?) will look into threshold signing for 2048 bit RSA and see if we can't get it so that no single party holds that key.", "action": false, "timestamp": "2016-08-25T19:48:06+00:00" }, { "id": "67262d2ce7a444259d765e755abcd40e", "sender": "kanzure", "payload": "sipa: he is known for various ios reverse engineering things", "action": false, "timestamp": "2016-08-25T19:48:18+00:00" }, { "id": "36704debae2040f588d158e15652182c", "sender": "CodeShark", "payload": "is 4096 overkill?", "action": false, "timestamp": "2016-08-25T19:48:22+00:00" }, { "id": "c49bb154978d427599f0a18c99a4c0dd", "sender": "sipa", "payload": "ah, cool", "action": false, "timestamp": "2016-08-25T19:48:23+00:00" }, { "id": "52f92fd78563411f8cee880e3b887a50", "sender": "cfields_", "payload": "gmaxwell: perfect, thanks.", "action": false, "timestamp": "2016-08-25T19:48:25+00:00" }, { "id": "59be49451c5041eeba1765a802ab205a", "sender": "gmaxwell", "payload": "(as an aside, this could also be done with wumpus' release key)", "action": false, "timestamp": "2016-08-25T19:48:31+00:00" }, { "id": "9c723d1581244a5b8c491f7443d32a39", "sender": "jeremyrubin", "payload": "4096 not overkill", "action": false, "timestamp": "2016-08-25T19:48:37+00:00" }, { "id": "e098b896603f412ea3ba47203b9a7445", "sender": "kanzure", "payload": "sipa: (pm)", "action": false, "timestamp": "2016-08-25T19:48:38+00:00" }, { "id": "9b109b3e9eb14e50a248731404772e5f", "sender": "sipa", "payload": "CodeShark: 3000 bits RSA is approximately equivalent with 256 bit EC", "action": false, "timestamp": "2016-08-25T19:49:03+00:00" }, { "id": "b4c864075dac43a89c28d0451381f5fb", "sender": "jonasschnelli", "payload": "CodeShark: 2048 gives use 118bit of security.. ECDSA 128 I guess... enought?", "action": false, "timestamp": "2016-08-25T19:49:05+00:00" }, { "id": "cb60af80274e4f2b95cc274ed1f3d6d1", "sender": "gmaxwell", "payload": "CodeShark: I believe we don't get to choose the parameters of this key.", "action": false, "timestamp": "2016-08-25T19:49:09+00:00" }, { "id": "799eac16349c434d9883a645d0dd49ae", "sender": "jonasschnelli", "payload": "Yes. Apples does it.", "action": false, "timestamp": "2016-08-25T19:49:18+00:00" }, { "id": "f9109d6940634234bbe25b9cc0a38dd7", "sender": "CodeShark", "payload": "oh, right", "action": false, "timestamp": "2016-08-25T19:49:22+00:00" }, { "id": "035a991971a4464fad7a1ce542e40e51", "sender": "gmaxwell", "payload": "Otherwise it would be 4096 bit. because duh.", "action": false, "timestamp": "2016-08-25T19:49:29+00:00" }, { "id": "447c7f3a40a64654acca13ab7bc7a642", "sender": "cfields_", "payload": "gmaxwell: i'll try to find out if other signature types are possible.", "action": false, "timestamp": "2016-08-25T19:49:37+00:00" }, { "id": "0f97388c98fc4a6a8c63806e299b72a1", "sender": "jonasschnelli", "payload": "is trying a 4096 key", "action": true, "timestamp": "2016-08-25T19:49:45+00:00" }, { "id": "cbd9d7d8d27a4346986c0f88aa288a66", "sender": "gmaxwell", "payload": "(the size and performance are basically irrelevant)", "action": false, "timestamp": "2016-08-25T19:49:48+00:00" }, { "id": "ff9c07bcace8433c81bc1d436f43444d", "sender": "jeremyrubin", "payload": "unrelated question while everyone is in meeting: having a lot of trouble getting my code to pass travis, but can pass locally on a few diff machines. If anyone has any ideas, ping me after meeting.", "action": false, "timestamp": "2016-08-25T19:51:00+00:00" }, { "id": "5581ae111bc34611b06f2e664680315d", "sender": "jonasschnelli", "payload": "To shortly come back to afk11 topic: there has been a proposal for detached signing: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2016-August/013008.html", "action": false, "timestamp": "2016-08-25T19:51:21+00:00" }, { "id": "b6a6a8f5c09545e4abd32a9b3225ce20", "sender": "kanzure", "payload": "jeremyrubin: got the core dumps yet?", "action": false, "timestamp": "2016-08-25T19:51:25+00:00" }, { "id": "79d7e9810b7746dd8bbf7d93d42f8db6", "sender": "jonasschnelli", "payload": "Which would allow decoupling the keys from the wallet(system)", "action": false, "timestamp": "2016-08-25T19:51:34+00:00" }, { "id": "efa3c5e27103405f905d1f9686e1ebf8", "sender": "jeremyrubin", "payload": "kanzure: nope; i tried changing the travis script to dump them but couldn't see anything.", "action": false, "timestamp": "2016-08-25T19:51:50+00:00" }, { "id": "a081d151b81e412098da317b002821e4", "sender": "kanzure", "payload": "you can probably call gdb bt from inside the after_failure segment", "action": false, "timestamp": "2016-08-25T19:52:19+00:00" }, { "id": "6d36fd3f4bdd4e9185271ad669a9a8ab", "sender": "jonasschnelli", "payload": "to end the wild-west APIs/interfaces that are currently been implemented by wallets and hardware-wallet vendors", "action": false, "timestamp": "2016-08-25T19:52:21+00:00" }, { "id": "6396aee462b541d6814f02e8442627a6", "sender": "wumpus", "payload": "I very much like the idea of standardizing detached signing", "action": false, "timestamp": "2016-08-25T19:52:26+00:00" }, { "id": "2d15818d50da449a8ed7a826331c3bc3", "sender": "wumpus", "payload": "yes, exactly", "action": false, "timestamp": "2016-08-25T19:52:32+00:00" }, { "id": "ae6c40d43ecc4583b531dae70b69fee1", "sender": "jonasschnelli", "payload": "One of the main problems users have and will have with wallets is to keep private keys private.", "action": false, "timestamp": "2016-08-25T19:52:54+00:00" }, { "id": "5406097476254387a4b7b3be16c5fb8b", "sender": "wumpus", "payload": "it makes no sense to try to support detached signing in bitcoin core until there is some kind of standard, if every hw vendor is going to hook in their own code in their own way it isgoing to be a mess", "action": false, "timestamp": "2016-08-25T19:53:29+00:00" }, { "id": "8fbd6c28f5ea4b3bb39333ebe88f9655", "sender": "btcdrak", "payload": "jonasschnelli: well you'd hope hardware signing devices will become more commonplace", "action": false, "timestamp": "2016-08-25T19:53:42+00:00" }, { "id": "6aea6e48144046c6b156aaef426f9935", "sender": "CodeShark", "payload": "they will", "action": false, "timestamp": "2016-08-25T19:53:53+00:00" }, { "id": "fd0ff0c5d6b1465fae180782d24b903e", "sender": "instagibbs", "payload": "7 minutes, any more topics?", "action": false, "timestamp": "2016-08-25T19:54:04+00:00" }, { "id": "e4b83a2894a84bd1b11f8a4dcc23643a", "sender": "CodeShark", "payload": "it's not something we should hope for - it's something we should make happen", "action": false, "timestamp": "2016-08-25T19:54:08+00:00" }, { "id": "95152b0b1d5340e0a0c30bfbc5a0bf9d", "sender": "wumpus", "payload": "no doubt about that, though it's two-sided, software also needs to support them", "action": false, "timestamp": "2016-08-25T19:54:08+00:00" }, { "id": "64285814b38b4560aa102128f1fa8119", "sender": "jonasschnelli", "payload": "Yes. I proposed the URLScheme standard... even, I don't like it in the first place.. but its probably the only choice if we'd like to address all systems and platforms.", "action": false, "timestamp": "2016-08-25T19:54:09+00:00" }, { "id": "c05cecec7c514fab874f8f04e62fc4b1", "sender": "wumpus", "payload": "CodeShark: jonasschnelli is helping make it happen", "action": false, "timestamp": "2016-08-25T19:54:21+00:00" }, { "id": "48301af6661b473f940892a40f5a4248", "sender": "sipa", "payload": "the topic is still codesigning :)", "action": false, "timestamp": "2016-08-25T19:54:28+00:00" }, { "id": "70ead4f34ac9430f938345455f2fdc5b", "sender": "petertodd", "payload": "btcdrak: also note that in systems like Qubes, detached signing in another VM is a significant security improvement even w/o special hardware", "action": false, "timestamp": "2016-08-25T19:54:45+00:00" }, { "id": "b88646716b0447d7930bffaeca80b8c6", "sender": "btcdrak", "payload": "yes. detached signing is more for the bitcoin-dev ML", "action": false, "timestamp": "2016-08-25T19:54:47+00:00" }, { "id": "833ea850d0684329915412f01f46c29c", "sender": "petertodd", "payload": "btcdrak: Qubes does this for GPG already", "action": false, "timestamp": "2016-08-25T19:54:58+00:00" }, { "id": "99209971ecf14e96b294fa701e4f19d9", "sender": "gmaxwell", "payload": "jonasschnelli: I think at this point the discussion should stop and some prototypes should be tried. You've seen there is some support and some opposition, and thats fine.", "action": false, "timestamp": "2016-08-25T19:55:04+00:00" }, { "id": "2a51171a303b40edbd2693d80e72f8b8", "sender": "wumpus", "payload": "do we still have anything to say about codesigning?", "action": false, "timestamp": "2016-08-25T19:55:04+00:00" }, { "id": "6e9bf32d819a499da34f67f17077cd35", "sender": "btcdrak", "payload": "petertodd: interesting", "action": false, "timestamp": "2016-08-25T19:55:07+00:00" }, { "id": "b8d157f8c4a24e719f598fd3d4e33a8a", "sender": "jonasschnelli", "payload": "gmaxwell: Yes. I'm working on a PoC with static data between Core and iOS.", "action": false, "timestamp": "2016-08-25T19:55:24+00:00" }, { "id": "ebd579dfe6b64fcab3859ed7c3d9d2d3", "sender": "sipa", "payload": "wumpus: i believe not, i was only casually complaining about the random switch of topic :)", "action": false, "timestamp": "2016-08-25T19:55:40+00:00" }, { "id": "f618258f1b9b4422902a1d8cbeb0a037", "sender": "jonasschnelli", "payload": "my fault. sry.", "action": false, "timestamp": "2016-08-25T19:55:58+00:00" }, { "id": "148b144fa59e4c718860629cd781fe81", "sender": "gmaxwell", "payload": "jonasschnelli: okay, even simpler-- I think we should change our standard operation to have walletpassphrase and decrypt and sign done by a seperate mlocked process.", "action": false, "timestamp": "2016-08-25T19:56:10+00:00" }, { "id": "f76dfb551907453aacfdb76cd02310da", "sender": "wumpus", "payload": "petertodd: yes, it should be general enough to support that scenario as well, but I think that's handled if it works for hw signing, just expose a 'virtual' hw device", "action": false, "timestamp": "2016-08-25T19:56:22+00:00" }, { "id": "f30ed5876f2c42f3b174a7b6c9a9a0e1", "sender": "wumpus", "payload": "sipa: agreed, it's a bit of a sudden switch", "action": false, "timestamp": "2016-08-25T19:56:31+00:00" }, { "id": "e5cdbe07da2f47958a1da40609fc45ac", "sender": "wumpus", "payload": "time to end the meeting maybe", "action": false, "timestamp": "2016-08-25T19:56:54+00:00" }, { "id": "b7a935a0e82a42e1b77e0893b54adbfe", "sender": "wumpus", "payload": "#endmeeting", "action": false, "timestamp": "2016-08-25T19:57:10+00:00" } ], "events": [ { "event_type": "START_MEETING", "message": { "id": "6dbc903ee77a48b2bc4a92040323e010", "sender": "wumpus", "payload": "#startmeeting", "action": false, "timestamp": "2016-08-25T19:02:37+00:00" }, "operand": null, "id": "6dbc903ee77a48b2bc4a92040323e010", "timestamp": "2016-08-25T19:02:37+00:00" }, { "event_type": "LINK", "message": { "id": "7280f7bd572e4be1ad97743c86013bce", "sender": "MarcoFalke", "payload": "https://github.com/bitcoin/bitcoin/pulls/paveljanik", "action": false, "timestamp": "2016-08-25T19:03:59+00:00" }, "operand": "https://github.com/bitcoin/bitcoin/pulls/paveljanik", "id": "7280f7bd572e4be1ad97743c86013bce", "timestamp": "2016-08-25T19:03:59+00:00" }, { "event_type": "TOPIC", "message": { "id": "c469a283049e485ca586a8069c54ccb6", "sender": "wumpus", "payload": "#topic proposals for segwit DoS protection", "action": false, "timestamp": "2016-08-25T19:06:13+00:00" }, "operand": "proposals for segwit DoS protection", "id": "c469a283049e485ca586a8069c54ccb6", "timestamp": "2016-08-25T19:06:13+00:00" }, { "event_type": "LINK", "message": { "id": "348a0ab0bc0a4d76a773f460da9622e7", "sender": "jonasschnelli", "payload": "https://github.com/bitcoin/bitcoin/issues/8279", "action": false, "timestamp": "2016-08-25T19:08:30+00:00" }, "operand": "https://github.com/bitcoin/bitcoin/issues/8279", "id": "348a0ab0bc0a4d76a773f460da9622e7", "timestamp": "2016-08-25T19:08:30+00:00" }, { "event_type": "LINK", "message": { "id": "5f49ab995c084cd696c2b5176e0c3881", "sender": "jonasschnelli", "payload": "https://github.com/bitcoin/bitcoin/pull/8525", "action": false, "timestamp": "2016-08-25T19:17:59+00:00" }, "operand": "https://github.com/bitcoin/bitcoin/pull/8525", "id": "5f49ab995c084cd696c2b5176e0c3881", "timestamp": "2016-08-25T19:17:59+00:00" }, { "event_type": "TOPIC", "message": { "id": "13a591c4392f4d5288067671a27c3194", "sender": "wumpus", "payload": "#topic code signing", "action": false, "timestamp": "2016-08-25T19:34:18+00:00" }, "operand": "code signing", "id": "13a591c4392f4d5288067671a27c3194", "timestamp": "2016-08-25T19:34:18+00:00" }, { "event_type": "LINK", "message": { "id": "00d4e5d3849a416ba8824a786cb0b93f", "sender": "cfields_", "payload": "https://github.com/theuni/osx-codesign", "action": false, "timestamp": "2016-08-25T19:35:04+00:00" }, "operand": "https://github.com/theuni/osx-codesign", "id": "00d4e5d3849a416ba8824a786cb0b93f", "timestamp": "2016-08-25T19:35:04+00:00" }, { "event_type": "END_MEETING", "message": { "id": "b7a935a0e82a42e1b77e0893b54adbfe", "sender": "wumpus", "payload": "#endmeeting", "action": false, "timestamp": "2016-08-25T19:57:10+00:00" }, "operand": null, "id": "b7a935a0e82a42e1b77e0893b54adbfe", "timestamp": "2016-08-25T19:57:10+00:00" } ], "aliases": {}, "vote_in_progress": false, "motion_index": null }