> Op 9 nov. 2017, om 21:45 heeft Jacob Eliosoff via bitcoin-dev > <bitcoin-dev@lists.linuxfoundation.org> het volgende geschreven: > > As I understand you, a private key in cold storage would (of course) remain > valid across HFs, but an address would be valid only for the nForkId it was > generated for. There may be cold-storage-type cases where it's important for > an address to be valid across all chains, ie, to intentionally allow replay? > But I guess this could just be a special nForkId value, say -1?
If I understand the proposal correctly, you can always spend coins; it's the next transaction that is replay protected. I like the idea of specifying the fork in bech32 [0]. On the other hand, the standard already has a human readable part. Perhaps the human readable part can be used as the fork id? Note that in your currently proposal nForkId is only in the transaction signature pre-image. It's not in the serialized transaction, so a node would just have to try to see if the signature is valid. I don't know if that's a problem. Can you clarify what you mean with: > Allowing signatures with `nForkId=1` can be achieved with a soft fork by > incrementing the script version of SegWit, making this a fully backwards > compatible change. What's the purpose of nForkId 1? > potentially a way to opt-out of replay protection of any fork, where deemed > necessary (can be beneficial for some L2 applications). Can you give an example of where this opt-out would be useful? Why wouldn't it be enough to just sign one transaction for each fork? In Spoonnet, the version number is added to the SIGHASH_TYPE in the pre-image. Your solution of just adding another field seems easier, but maybe there's a downside? Sjors [0] https://github.com/bitcoin/bips/blob/master/bip-0173.mediawiki#Bech32
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
