Re: [bitcoin-dev] Treating ‘ASICBOOST’ as a Security Vulnerability

2017-05-18 Thread Ryan Grant via bitcoin-dev
On Thu, May 18, 2017 at 9:44 AM, Cameron Garnham via bitcoin-dev wrote: > 3. We should assign a CVE to the vulnerability exploited by ‘ASICBOOST’. > > ‘ASICBOOST’ is an attack on this Bitcoin’s security assumptions and > should be considered an exploit

Re: [bitcoin-dev] Treating ‘ASICBOOST’ as a Security Vulnerability

2017-05-18 Thread Tier Nolan via bitcoin-dev
On Thu, May 18, 2017 at 2:44 PM, Cameron Garnham via bitcoin-dev < bitcoin-dev@lists.linuxfoundation.org> wrote: > 1. Significant deviations from the Bitcoin Security Model have been > acknowledged as security vulnerabilities. > > The Bitcoin Security Model assumes that every input into the

Re: [bitcoin-dev] Treating ‘ASICBOOST’ as a Security Vulnerability

2017-05-18 Thread James Hilliard via bitcoin-dev
Locking the lower bits on the timestamp will likely break existing hardware that relies on being able to roll ntime. On Thu, May 18, 2017 at 8:44 AM, Cameron Garnham via bitcoin-dev wrote: > Hello Bitcoin Development Mailing List, > > I wish to explain why

[bitcoin-dev] Treating ‘ASICBOOST’ as a Security Vulnerability

2017-05-18 Thread Cameron Garnham via bitcoin-dev
Hello Bitcoin Development Mailing List, I wish to explain why the current approach to ‘ASICBOOST’ dose not comply with our established best practices for security vulnerabilities and suggest what I consider to be an approach closer matching established industry best practices. 1.