On Sat, Feb 25, 2017 at 03:34:33PM -0600, Steve Davis wrote: > Yea, well. I don’t think it is ethical to post instructions without an > associated remediation (BIP) if you don’t see the potential attack.
I can't agree with you at all there: we're still at the point where the computational costs of such attacks limit their real-world impact, which is exactly when you want the *maximum* exposure to what they are and what the risks are, so that people develop mitigations. Keeping details secret tends to keep the attacks out of public view, which might be a good trade-off in a situation where the attacks are immediately practical and the need to deploy a fix is well understood. But we're in the exact opposite situation. > I was rather hoping that we could have a fuller discussion of what the best > practical response would be to such an issue? Deploying segwit's 256-bit digests is a response that's already fully coded and ready to deploy, with the one exception of a new address format. That address format is being actively worked on, and could be deployed relatively quickly if needed. -- https://petertodd.org 'peter'[:-1]@petertodd.org
signature.asc
Description: Digital signature
_______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
