I was merely describing that the only failure mode of using "post-split
coinbases from the legacy chain" as seedcoins for cointainting purposes would
be a resolution of the coinsplit, thereby rendering the cointainting redundant,
therefore this would be an entirely safe approach to cointainting, as the only
way coins could become untainted (and therefore subject to the threat of replay
attacks) would coincide with a disappearance of the situation that gave rise to
such replay attacks in the first place. This should sufficiently answer your
concerns regarding lack of replay protection in case of medium-to-long-term
chainsplits in general. If you fail to grok, please read again until you don't.
Sent with [ProtonMail](https://protonmail.com) Secure Email.
-------- Original Message --------
Subject: Re: [bitcoin-dev] Replay attacks make BIP148 and BIP149 untennable
Local Time: June 7, 2017 3:38 AM
UTC Time: June 7, 2017 12:38 AM
From: cont...@taoeffect.com
To: Kekcoin <kekc...@protonmail.com>
Anthony Towns <a...@erisian.com.au>, bitcoin-dev@lists.linuxfoundation.org
<bitcoin-dev@lists.linuxfoundation.org>
Please read my email more carefully; the replay threat would be moot because
there would be no alternative chain to replay the TX on,
In order to *get to that point*, you need >51%.
Not only that, but, if you started out with <51%, then you need >>51% in order
to *catch up* and replace the large number of blocks added to the legacy chain
in the mean time.
So, since >51% is _required_ for BIP148 to succeed (and likely >>51%)... you
might as well do as SegWit did originally, or lower the threshold to 80% or
something (as BIP91 does).
Without replay protection at the outset, BIP148, as far as I can tell, isn't a
threat to miners.
--
Please do not email me anything that you are not comfortable also sharing with
the NSA.
On Jun 6, 2017, at 5:29 PM, Kekcoin <kekc...@protonmail.com> wrote:
Please read my email more carefully; the replay threat would be moot because
there would be no alternative chain to replay the TX on, as the non-148 chain
would have been reorganized into oblivion.
Sent with [ProtonMail](https://protonmail.com/) Secure Email.
-------- Original Message --------
Subject: Re: [bitcoin-dev] Replay attacks make BIP148 and BIP149 untennable
Local Time: June 7, 2017 3:26 AM
UTC Time: June 7, 2017 12:26 AM
From: cont...@taoeffect.com
To: Kekcoin <kekc...@protonmail.com>
Anthony Towns <a...@erisian.com.au>, bitcoin-dev@lists.linuxfoundation.org
<bitcoin-dev@lists.linuxfoundation.org>
I don't know what you mean by "render the replay threat moot."
If you don't have replay protection, replay is always a threat. A very serious
one.
--
Please do not email me anything that you are not comfortable also sharing with
the NSA.
On Jun 6, 2017, at 5:19 PM, Kekcoin <kekc...@protonmail.com> wrote:
Hmm, that's not the difference I was talking about. I was referring to the fact
that using "post-chainsplit coinbases from the non-148 chain" to unilaterally
(ie. can be done without action on the 148-chain) taint coins is more secure in
extreme-adverserial cases such as secret-mining reorg attacks (as unfeasibly
expensive they may be); the only large-scale (>100 block) reorganization the
non-148 chain faces should be a resolution of the chainsplit and therefore
render the replay threat moot.
_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
