Checkpoints will be replaced by compiled-in 'at THIS timestamp the main chain
had THIS much proof of work.'
That is enough information to prevent attacks and still allow optimizations
like skipping signature checking for ancient transactions.
I don't think anybody is proposing replacing checkpoints with nothing.
--
Gavin Andresen
> On May 13, 2015, at 8:26 AM, Alex Mizrahi <alex.mizr...@gmail.com> wrote:
>
> Let's consider a concrete example:
>
> 1. User wants to accept Bitcoin payments, as his customers want this.
> 2. He downloads a recent version of Bitcoin Core, checks hashes and so on.
> (Maybe even builds from source.)
> 3. Let's it to sync for several hours or days.
> 4. After wallet is synced, he gives his address to customer.
> 5. Customer pays.
> 6. User waits 10 confirmations and ships the goods. (Suppose it's something
> very expensive.)
> 7. Some time later, user wants to convert some of his bitcoins to dollars. He
> sends his bitcoins to an exchange but they never arrive.
>
> He tries to investigate, and after some time discovers that his router (or
> his ISP's router) was hijacked. His Bitcoin node couldn't connect to any of
> the legitimate nodes, and thus got a complete fake chain from the attacker.
> Bitcoins he received were totally fake.
>
> Bitcoin Core did a shitty job and confirmed some fake transactions.
> User doesn't care that if his network was not impaired, Bitcoin Core would
> have worked properly.
> The main duty of Bitcoin Core is to check whether transactions are confirmed,
> and if it can be fooled by a simple router hack, then it does its job poorly.
>
> If you don't see it being a problem, you should't be allowed to develop
> anything security-related.
>
>> If a node is connected to 99 dishonest nodes and 1 honest node, it can still
>> sync with the main network.
>
> Yes, it is good against Sybil attack, but not good against a network-level
> attack.
> Attack on user's routers is a very realistic, plausible attack.
> Imagine if SSL could be hacked by hacking a router, would people still use it?
>
> Fucking no.
>
>> A 3 month reversal would be devastating, so the checkpoint isn't adding much
>> extra security.
>
> WIthout checkpoints an attacker could prepare a fork for $10.
> With checkpoints, it would cost him at least $1000, but more likely upwards
> of $100000.
> That's quite a difference, no?
>
> I do not care what do you think about the reasons why checkpoints were added,
> but it is a fact that they make the attack scenario I describe above hard to
> impossible.
>
> Without checkpoints, you could perform this attack using a laptop.
> With checkpoints, you need access to significant amounts of mining ASICs.
>
> ------------------------------------------------------------------------------
> One dashboard for servers and applications across Physical-Virtual-Cloud
> Widest out-of-the-box monitoring support with 50+ applications
> Performance metrics, stats and reports that give you Actionable Insights
> Deep dive visibility with transaction tracing using APM Insight.
> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development
