achow101 (OP)
Staff
Legendary
 Offline
Activity: 3388
Merit: 6631
Just writing some code
|
 |
November 01, 2016, 07:10:25 PM |
|
Now all we need is to find out if the Alert key has ever been changed. If it hasn't been, then there is no evidence as to what might have happened, then let's call it a day, for the lack of evidence, obviously. If they changed the key and disclosed the old one, that would mean one thing, but if they changed it and didn't disclose the old key, that would mean something totally different, right?
The key has never been changed. You can follow the commits in the git tree. The only change to it has been its removal. |
|
|
|
|
|
|
"There should not be any signed int. If you've found a signed int
somewhere, please tell me (within the next 25 years please) and I'll
change it to unsigned int." -- Satoshi
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
|
|
|
calkob
|
|
November 01, 2016, 07:34:30 PM |
|
Great idea as this may have been used in the future by someone with malicious intent. although to be honest i didnt even know that it existed.  |
|
|
|
|
Meuh6879
Legendary
Offline
Activity: 1512
Merit: 1011
|
|
November 01, 2016, 09:34:22 PM |
|
Good ... Nanos can not shutdown Bitcoin in the future.  |
|
|
|
|
achow101 (OP)
Staff
Legendary
Offline
Activity: 3388
Merit: 6631
Just writing some code
|
|
November 02, 2016, 04:36:36 PM |
|
The pre final alert has been sent.
|
|
|
|
|
tee-rex
|
|
November 02, 2016, 05:29:49 PM |
|
Now all we need is to find out if the Alert key has ever been changed. If it hasn't been, then there is no evidence as to what might have happened, then let's call it a day, for the lack of evidence, obviously. If they changed the key and disclosed the old one, that would mean one thing, but if they changed it and didn't disclose the old key, that would mean something totally different, right?
The key has never been changed. You can follow the commits in the git tree. The only change to it has been its removal. Got it. But what is the real purpose of giving out the key? I remember a time when the Linux iptables had a feature that allowed to send back the offending packets to the source (it was called MIRROR or something to that tune, if I'm not mistaken), but it got soon removed since that had been a silly idea right from the start. Why not just abandon this Alert system without making it look like a personal vendetta?
Read the last paragraph of this email: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2016-September/013104.htmlMissed that part somehow (emphasis added): At some point after that, I would then plan to disclose this private key in public, eliminating any further potential of reputation attacks and diminishing the risk of misunderstanding the key as some special trusted source of authority. I still don't understand two things. 1) what further potential reputation attacks are possible, and 2) which seems to me the most important here, wasn't the key exactly that? I mean, a special trusted source of authority? Regarding the first, just mentioning further reputation attacks is already telling a lot by itself. Regarding the second, I think just because the key was available only to a few core developers and due to the fact that it served a special purpose of alerting users, it implies that it should have been trusted and authoritative. Otherwise, it couldn't function as a true Alert key as far as I get it. |
|
|
|
|
|
mbuk81
|
|
November 02, 2016, 06:02:02 PM |
|
me neither new or needed this services as bitcoins are becoming more many stream then either now
so this type of system is not needed anymore
so I guess that's why is being shut down as 1000 others site are doing the same sort of things
but thanks to op for informing us so that the users that did use it now to look somewhere else for the info.
|
HIGH PAYING BITCOIN FAUCET ONLY AT SWITCH-BUX PTC BITCOIN FAUCET CLAIM EVERY 30 MINS AND GET 50 SATOSHI EVERYTIME
|
|
|
achow101 (OP)
Staff
Legendary
Offline
Activity: 3388
Merit: 6631
Just writing some code
|
|
November 02, 2016, 06:14:34 PM |
|
I still don't understand two things. 1) what further potential reputation attacks are possible,
I'm not quite sure what Greg exactly meant with further potential reputation attacks. and 2) which seems to me the most important here, wasn't the key exactly that? I mean, a special trusted source of authority? Regarding the first, just mentioning further reputation attacks is already telling a lot by itself. Regarding the second, I think just because the key was available only to a few core developers and due to the fact that it served a special purpose of alerting users, it implies that it should have been trusted and authoritative. Otherwise, it couldn't function as a true Alert key as far as I get it.
The issue with the "special trusted source of authority" is that some people thought that the alert key holders could use their key to influence important aspects of Bitcoin. For example (from the email), one person asked the devs whether they could use the key to reset the difficulty. So the thinking goes: if the key is still held secret after the alert system is dead, people may still think that it holds some special importance and can still be used as a centralizing trusted authority. The goal is to avoid this and to kill off any significance the key may have by publishing it publicly. |
|
|
|
|
neurotypical
|
|
November 02, 2016, 06:16:19 PM |
|
I think what reputation attacks mean is, somebody that has a reputation in the bitcoin ecosystem (like Gavin Andressen for example) could use their key to push a certain agenda.
If nobody has the key, then nobody can do that sort of attack anymore.
|
|
|
|
|
|
tee-rex
|
|
November 02, 2016, 06:23:22 PM |
|
So the thinking goes: if the key is still held secret after the alert system is dead, people may still think that it holds some special importance and can still be used as a centralizing trusted authority. The goal is to avoid this and to kill off any significance the key may have by publishing it publicly.
That makes sense provided that this key is the key. But really paranoid people could still claim that the key disclosed has nothing to do with the real Alert key, or whatever else it might have been used for. And because the whole system will already be dismantled by the time the key is released to the public, it won't be possible to check that. Maybe, I'm missing something here, and there are ways to actually prove the authenticity of the key even if the system has already been removed from Bitcoin. I just don't know, that's why I'm asking. |
|
|
|
|
achow101 (OP)
Staff
Legendary
Offline
Activity: 3388
Merit: 6631
Just writing some code
|
|
November 02, 2016, 06:33:57 PM |
|
So the thinking goes: if the key is still held secret after the alert system is dead, people may still think that it holds some special importance and can still be used as a centralizing trusted authority. The goal is to avoid this and to kill off any significance the key may have by publishing it publicly.
That makes sense provided that this key is the key. But really paranoid people could still claim that the key disclosed has nothing to do with the real Alert key, or whatever else it might have been used for. And because the whole system will already be dismantled by the time the key is released to the public, it won't be possible to check that. Maybe, I'm missing something here, and there are ways to actually prove the authenticity of the key even if the system has already been removed from Bitcoin. I just don't know, that's why I'm asking. Yes, in fact it is possible to check the authenticity of the key. The public key was hard coded into the software. You can still go back in the git tree and find the commits where the key was in the code. The private key for the public key will be released. That public key for the private key can be derived and checked to see if it matches the public key that was hard coded. Here is one place the alert public key is hard coded: https://github.com/bitcoin/bitcoin/blob/0.12/src/chainparams.cpp#L104 That is the 0.12 branch of Bitcoin Core. I think what reputation attacks mean is, somebody that has a reputation in the bitcoin ecosystem (like Gavin Andressen for example) could use their key to push a certain agenda.
If nobody has the key, then nobody can do that sort of attack anymore.
Ahh. Yes, I did not think of that. Someone who holds the key could sign a message and post it somewhere claiming something which could be bad for Bitcoin. Because the key would still be held privately, the person who made that message could claim that the core devs want people to follow the signed message because people may think the key still holds some significance. By revealing the key publicly, this potential attack vector is completely removed. |
|
|
|
|
tee-rex
|
|
November 02, 2016, 07:05:00 PM |
|
So the thinking goes: if the key is still held secret after the alert system is dead, people may still think that it holds some special importance and can still be used as a centralizing trusted authority. The goal is to avoid this and to kill off any significance the key may have by publishing it publicly.
That makes sense provided that this key is the key. But really paranoid people could still claim that the key disclosed has nothing to do with the real Alert key, or whatever else it might have been used for. And because the whole system will already be dismantled by the time the key is released to the public, it won't be possible to check that. Maybe, I'm missing something here, and there are ways to actually prove the authenticity of the key even if the system has already been removed from Bitcoin. I just don't know, that's why I'm asking. Yes, in fact it is possible to check the authenticity of the key. The public key was hard coded into the software. You can still go back in the git tree and find the commits where the key was in the code. The private key for the public key will be released. That public key for the private key can be derived and checked to see if it matches the public key that was hard coded. Here is one place the alert public key is hard coded: https://github.com/bitcoin/bitcoin/blob/0.12/src/chainparams.cpp#L104 That is the 0.12 branch of Bitcoin Core. I think what reputation attacks mean is, somebody that has a reputation in the bitcoin ecosystem (like Gavin Andressen for example) could use their key to push a certain agenda.
If nobody has the key, then nobody can do that sort of attack anymore.
Ahh. Yes, I did not think of that. Someone who holds the key could sign a message and post it somewhere claiming something which could be bad for Bitcoin. Because the key would still be held privately, the person who made that message could claim that the core devs want people to follow the signed message because people may think the key still holds some significance. By revealing the key publicly, this potential attack vector is completely removed. So revealing the key to the public serves two purposes. First, it removes the existing suspicion that the key might have been used for something other than sending alerts to people (for example, arbitrarily changing difficulty). And, second, it eliminates the possibility of someone holding this key privately to sign a loaded message and thus negatively affect Bitcoin. Below is a part of the email that throws some light in regard to reputation attacks: It also had the problem of being unaccountable. No one can tell which of the key holders created a message. This creates a risk of misuse with a false origin to attack someone's reputation
That makes sense, after all. |
|
|
|
|
|
