On Wed, Oct 21, 2015 at 6:22 PM, Danny Thorpe via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote: > outputs) seems like quite a different hazard than a malicious third party > modifying a transaction in the mempool by twiddling opcodes in the signature > scripts. The former seems like more a matter of keeping your own house in
Indeed they are different, but canonical encoding enforcement prevents the third party malleability completely on ordinary transactions. It is an an _immediate_ solution which is already deployed as a standardness rule-- once miners update to 0.11.1 or 0.10.3 (or equivalent) only miners will be able to malleable ordinary payments, to the best of our current understanding. [snip] > proposal. Baby steps. Normalized transaction IDs provide an immediate > benefit against the hazard of third party manipulation of transactions in > the mempool, even without canonical ordering. The thing being discussed here does not provide an immediate benefit to that particular issue. It addresses multistep contracts and other cases. But it does not prevent third party mutation until people change their public keys to new scheme (which based on p2sh we should expect a well over a year deployment), which they cannot being doing until a soft fork is made and settled in the network, for which the code is not yet written. CLTV suggests that the current timeframe for a soft fork is around a year and though I'd like to see that improved. So canonical encoding is both sufficient (to the best of our current understanding) for preventing third party malleability on ordinary transactions, and the _only_ option for to have an actually immediate benefit. Please don't mix up third party malleability with this work which is important in its own right. _______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
