[Bitcoin-development] Draft BIP for geutxos message

Jeff Garzik jgarzik at bitpay.com
Wed Jul 16 14:25:17 UTC 2014


On the specific issue I raised, the BIP only says "Querying multiple
nodes and combining their answers can be a partial solution to this"
which is not very helpful advice.  That's a partial answer to my
question #2 with zero response for question #3.

This sort of thing really needs a warning label like "use only if you
don't have a trusted solution" and discussion of that choice is
completely absent (question #1).


On Wed, Jul 16, 2014 at 8:37 AM, Mike Hearn <mike at plan99.net> wrote:
> Thanks Jeff.
>
> I do feel like a lot of this is covered in the writeup I attached to the
> implementation pull request, and I went over it again in the ensuing
> discussion, and also in the BIP.
>
> The discussion of how to make it secure is covered in the "Upgrade" section
> of the writeup and in the "Authentication" section of the BIP. Please do let
> me know if these sections are missing something. The ideas discussed there
> are not implemented in this pull request because outside of some special
> cases, it is a very large project that involves a chain fork. You can see
> the start of a solution here:
>
> https://github.com/bitcoin/bitcoin/pull/3977
>
>>
>> If one implements your BIP in a naive manner -- simply find a node, and
>> issue a single query -- they are dangerously exposed to malicious
>> information.  The BIP should describe this major security issue, and
>> describe at least one method of solving it (ditto implementation, if
>> lighthouse has not already solved this).
>
>
> The BIP already does discuss this, in the authentication section.
> Suggestions for how to make it better are welcome.
>
>>
>> Comparison between this and BIP 35 (mempool command) are not apt, as
>> miners and full nodes treat "mempool" returned data just like any other
>> randomly solicited "tx" command on the network.  Unlike "mempool" cmd, this
>> "getutxos" cmd proffers post-verification trusted data.
>
>
> I don't think it does proffer that, but if a part of the BIP could be read
> as doing so, let me know which part and I'll fix it.



-- 
Jeff Garzik
Bitcoin core developer and open source evangelist
BitPay, Inc.      https://bitpay.com/




More information about the bitcoin-dev mailing list