On the specific issue I raised, the BIP only says "Querying multiple nodes and combining their answers can be a partial solution to this" which is not very helpful advice. That's a partial answer to my question #2 with zero response for question #3.
This sort of thing really needs a warning label like "use only if you don't have a trusted solution" and discussion of that choice is completely absent (question #1). On Wed, Jul 16, 2014 at 8:37 AM, Mike Hearn <m...@plan99.net> wrote: > Thanks Jeff. > > I do feel like a lot of this is covered in the writeup I attached to the > implementation pull request, and I went over it again in the ensuing > discussion, and also in the BIP. > > The discussion of how to make it secure is covered in the "Upgrade" section > of the writeup and in the "Authentication" section of the BIP. Please do let > me know if these sections are missing something. The ideas discussed there > are not implemented in this pull request because outside of some special > cases, it is a very large project that involves a chain fork. You can see > the start of a solution here: > > https://github.com/bitcoin/bitcoin/pull/3977 > >> >> If one implements your BIP in a naive manner -- simply find a node, and >> issue a single query -- they are dangerously exposed to malicious >> information. The BIP should describe this major security issue, and >> describe at least one method of solving it (ditto implementation, if >> lighthouse has not already solved this). > > > The BIP already does discuss this, in the authentication section. > Suggestions for how to make it better are welcome. > >> >> Comparison between this and BIP 35 (mempool command) are not apt, as >> miners and full nodes treat "mempool" returned data just like any other >> randomly solicited "tx" command on the network. Unlike "mempool" cmd, this >> "getutxos" cmd proffers post-verification trusted data. > > > I don't think it does proffer that, but if a part of the BIP could be read > as doing so, let me know which part and I'll fix it. -- Jeff Garzik Bitcoin core developer and open source evangelist BitPay, Inc. https://bitpay.com/ ------------------------------------------------------------------------------ Want fast and easy access to all the code in your enterprise? Index and search up to 200,000 lines of code with a free copy of Black Duck Code Sight - the same software that powers the world's largest code search on Ohloh, the Black Duck Open Hub! Try it now. http://p.sf.net/sfu/bds _______________________________________________ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
