[Bitcoin-development] Draft BIP for geutxos message
Gregory Maxwell
gmaxwell at gmail.com
Wed Jul 16 14:57:06 UTC 2014
On Wed, Jul 16, 2014 at 7:25 AM, Jeff Garzik <jgarzik at bitpay.com> wrote:
> On the specific issue I raised, the BIP only says "Querying multiple
> nodes and combining their answers can be a partial solution to this"
> which is not very helpful advice. That's a partial answer to my
> question #2 with zero response for question #3.
>
> This sort of thing really needs a warning label like "use only if you
> don't have a trusted solution" and discussion of that choice is
> completely absent (question #1).

In IETF documents there is a required security considerations section,
see http://tools.ietf.org/html/bcp72

In many of our documents the whole thing is a security consideration
but for ones like these we should probably always document the
weaknesses as set out from the rest of the document. See how BIP32
enumerates the one-private-key-breaks the chain.

On this point the getutxos document is doing well. Perhaps breaking
some things out of the auth section into a security /
security-limitations section. In particular, can this document
specifically call out that a local network attacker can MITM all the
peers.

(If Mike would prefer, I can send a diff with proposed changes)