📅 Original date posted:2015-09-30
📝 Original message:On Wed, Sep 30, 2015 at 10:17 PM, Jeff Garzik <jgarzik at gmail.com> wrote:
> It is correct that security is slightly reduced for full nodes that have not
> upgraded. It is not correct that the choice is binary, full node or SPV.
>
> Any user running a not-upgraded full node still retains protection against
> many attacks outside the subset related to the feature being introduced.
An extra way to look at this is that even absent any rule changes--
users who are asleep at the switch may lose effective security over
time because attackers learn new tricks against existing
vulnerabilities. Security requires a bit of vigilance, inherently.
In many specific cases I think it's hard-to-impossible to articulate a
concrete way that security is lost by users at all, excluding some
small amplification of orphan blocks.
On Wed, Sep 30, 2015 at 9:06 PM, Mike Hearn via bitcoin-dev
<bitcoin-dev at lists.linuxfoundation.org> wrote:
> and is trying to mine it, will keep producing invalid blocks forever until
> the owner shuts it down and upgrades.
This is the outcome guaranteed for absentee miners with a hard fork,
but it is not guaranteed for a soft fork.
> For instance, any miner that has modified/bypassed IsStandard() can do this,
Miners who have changed their code in inadvisable ways can produce
invalid blocks as a result. There are many seemingly innocuous ways
one can produce invalid blocks, and miners have stumbled on a few of
them over the years.
Pedantically, modifying IsStandard() will not have this effect:
Unknown NOPs are now handled via a script validation flag--
SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_NOPS. Experience (e.g. with
STRICTDER) has show that script validation flags are much more robust
to casual twiddling than IsStandard is.
The only way that script validation flags have been observed getting
bypassed in the field was a miner that had disabled all signature
validation completely (and whom had a not-completely-negligible amount
of hashpower. :( )... as it's a lot more clear that you might be
exposing yourself to trouble if you mess with the validation flags.
> runs an old node from before OP_NOPs were made non-standard.
IIRC; There is no released version of Bitcoin that has IsStandard
which has failed failed to treat the NOPs as non-standard.
There was a brief time in git master between when IsStandardness was
relaxed and NOPs were addressed via a validation flag but I am
reasonably confident that didn't make it into a release.
Regardless, anyone actually running that code of that vintage would
already be incompatible with the current network already due to prior
soft forks.
And as a matter of fact, invalid CLTVs don't currently appear to get
mined. Checking this again pre-release would be a good checklist item.
For prior soft-forks we've monitored and tested for this (with the
goal of going and yelling at any broken miners to fix their behavior).
Gregory Maxwell [ARCHIVE] /
npub1f2…crwet
2023-06-07 17:41:41
in reply to nevent1q…psmy
Author Public Key
npub1f2nvlx49er5c7sqa43src6ssyp6snd4qwvtkwm5avc2l84cs84esecrwetPublished at
2023-06-07 17:41:41Event JSON
{
"id": "88e3d2c5c8f632895cde2b70b36a349b7e10fedd534b9e86824b99d86e64a587",
"pubkey": "4aa6cf9aa5c8e98f401dac603c6a10207509b6a07317676e9d6615f3d7103d73",
"created_at": 1686159701,
"kind": 1,
"tags": [
[
"e",
"f5bb1bf208994917ac3ec4154383520df2a8573df815c54d28bae4e41ef024c8",
"",
"root"
],
[
"e",
"ed4160e41cf1897218f293b3faa7545c8909ca67707a58bd254c56d370a2190a",
"",
"reply"
],
[
"p",
"b25e10e25d470d9b215521b50da0dfe7a209bec7fedeb53860c3e180ffdc8c11"
]
],
"content": "📅 Original date posted:2015-09-30\n📝 Original message:On Wed, Sep 30, 2015 at 10:17 PM, Jeff Garzik \u003cjgarzik at gmail.com\u003e wrote:\n\u003e It is correct that security is slightly reduced for full nodes that have not\n\u003e upgraded. It is not correct that the choice is binary, full node or SPV.\n\u003e\n\u003e Any user running a not-upgraded full node still retains protection against\n\u003e many attacks outside the subset related to the feature being introduced.\n\nAn extra way to look at this is that even absent any rule changes--\nusers who are asleep at the switch may lose effective security over\ntime because attackers learn new tricks against existing\nvulnerabilities. Security requires a bit of vigilance, inherently.\n\nIn many specific cases I think it's hard-to-impossible to articulate a\nconcrete way that security is lost by users at all, excluding some\nsmall amplification of orphan blocks.\n\n\nOn Wed, Sep 30, 2015 at 9:06 PM, Mike Hearn via bitcoin-dev\n\u003cbitcoin-dev at lists.linuxfoundation.org\u003e wrote:\n\u003e and is trying to mine it, will keep producing invalid blocks forever until\n\u003e the owner shuts it down and upgrades.\n\nThis is the outcome guaranteed for absentee miners with a hard fork,\nbut it is not guaranteed for a soft fork.\n\n\u003e For instance, any miner that has modified/bypassed IsStandard() can do this,\n\nMiners who have changed their code in inadvisable ways can produce\ninvalid blocks as a result. There are many seemingly innocuous ways\none can produce invalid blocks, and miners have stumbled on a few of\nthem over the years.\n\nPedantically, modifying IsStandard() will not have this effect:\nUnknown NOPs are now handled via a script validation flag--\nSCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_NOPS. Experience (e.g. with\nSTRICTDER) has show that script validation flags are much more robust\nto casual twiddling than IsStandard is.\n\nThe only way that script validation flags have been observed getting\nbypassed in the field was a miner that had disabled all signature\nvalidation completely (and whom had a not-completely-negligible amount\nof hashpower. :( )... as it's a lot more clear that you might be\nexposing yourself to trouble if you mess with the validation flags.\n\n\u003e runs an old node from before OP_NOPs were made non-standard.\n\nIIRC; There is no released version of Bitcoin that has IsStandard\nwhich has failed failed to treat the NOPs as non-standard.\n\nThere was a brief time in git master between when IsStandardness was\nrelaxed and NOPs were addressed via a validation flag but I am\nreasonably confident that didn't make it into a release.\n\nRegardless, anyone actually running that code of that vintage would\nalready be incompatible with the current network already due to prior\nsoft forks.\n\nAnd as a matter of fact, invalid CLTVs don't currently appear to get\nmined. Checking this again pre-release would be a good checklist item.\nFor prior soft-forks we've monitored and tested for this (with the\ngoal of going and yelling at any broken miners to fix their behavior).",
"sig": "bf033f20942c16af7d3e7fb4af242dd31634ad4563acc3eae5554e0fc4d2f3909fa2b5759cfc96cef15783b2902ea64ab10f61eda1e034c304e3590533dad867"
}