Join GitHub today
GitHub is home to over 20 million developers working together to host and review code, manage projects, and build software together.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
Already on GitHub? Sign in to your account
Add Developer Guide To Bitcoin.org #393
Conversation
saivann
and others
added some commits
May 10, 2014
|
This seems to confuse addresses with scriptPubKeys, as well as some fungibility concerns... It also uses the new abbreviation P2PH, where "p2pkh" has been more frequently used. The section on key reuse fails to mention known security risks, only mentioning security in a hypothetical context. DoS is improperly all uppercased. Also, contrary to the section on Stratum, GBT can and often does use a persistent TCP socket - although without a persistent session, which is perhaps what was intended. |
|
@luke-jr: Thanks for your feedback! scriptPubKeys / fungibility: If you can provide more details, or better, a pull req or suggested improvements, this would be appreciated. Key reuse & security risks: @mikehearn suggested we don't mention this risk since ECDSA public keys are secure (today). But I knew you and other developers would want it, so we opted for a non-alarmist and short version that wouldn't suggest ECDSA is insecure. But if there is any specific example you'd like mentioned, feel free to mention them here. P2PKH / DoS: That's fine with me, I can update all occurences. Stratum / GBT: I'll let others comment about this. |
|
@luke-jr thank you! Two notes in addition to @saivann's response: DOS is all uppercased to be consistent with the style used throughout the document which does not lowercase interior prepositions in captialized phrases. For example, see all the headings with prepositions. We can special case DoS or abbreviations in general, or (more radically) change the entire text and all the images. However, how do you feel about keeping the current consistent usage? Stratum/GBT: I'll make that update. |
|
What repository do I clone and send a merge request to? ECDSA public keys are not necessarily secure today, given multiple signatures. Just because we've worked around every possible exploit situation doesn't mean we should pass it off as if it has no known risks... Ignoring the risks exposes developers to them, so they need to be explicitly mentioned so developers know to avoid them. "DOS" is "Disk Operating System" |
|
@luke-jr You can clone and send pull requests to the devel-docs branch on this repository (bitcoin/bitcoin.org). Edit: preferably not too much unrelated change per pull request would work better. |
|
I'm all for mentioning the risks of poorly implementing ECDSA! But I think a blanket statement like "address reuse is bad for security" is very strong given the state of play, if I wasn't intimately familiar with the details and read this I'd be struggling to figure out how this is a problem, given the prevalence of multiple signatures and published public keys. The wider security community doesn't make any such security recommendations so it'd be weird if the Bitcoin world was not in sync with that. But I don't feel very strongly about this issue. If someone wants to write up an explanation of what can go wrong with ECDSA and note that avoiding pubkey reuse can sometimes mitigate those failures, I won't object. |
mikehearn
commented on an outdated diff
May 11, 2014
| @@ -0,0 +1,288 @@ | ||
| +## Contracts | ||
| + | ||
| +{% autocrossref %} | ||
| + | ||
| +By making the system hard to understand, the complexity of transactions |
mikehearn
Contributor
|
mikehearn
and 2 others
commented on an outdated diff
May 11, 2014
| @@ -0,0 +1,288 @@ | ||
| +## Contracts | ||
| + | ||
| +{% autocrossref %} | ||
| + | ||
| +By making the system hard to understand, the complexity of transactions | ||
| +has so far worked against you. That changes with contracts. Contracts are | ||
| +transactions which use the decentralized Bitcoin system to enforce financial | ||
| +agreements. | ||
| + | ||
| +Bitcoin contracts can often be crafted to minimize dependency on outside | ||
| +agents, such as the court system, which significantly decreases the risk | ||
| +of dealing with unknown entities in financial transactions. For example, | ||
| +Alice and Bob might only know each other casually over the Internet; | ||
| +they would never open a checking account together---one of them could | ||
| +pass bad checks, leaving the other on the hook. But with Bitcoin |
mikehearn
Contributor
|
mikehearn
commented on an outdated diff
May 11, 2014
| +Unfortunately, the merchandise gets slightly damaged in transit. Charlie | ||
| +wants a full refund, but Bob thinks a 10% refund is sufficient. They | ||
| +turn to Alice to resolve the issue. Alice asks for photo evidence from | ||
| +Charlie along with a copy of the unhashed redeemScript Bob created and | ||
| +Charlie checked. | ||
| + | ||
| +After looking at the evidence, Alice thinks a 40% refund is sufficient, | ||
| +so she creates and signs a transaction with two outputs, one that spends 60% | ||
| +of the satoshis to Bob's public key and one that spends the remaining | ||
| +40% to Charlie's public key. | ||
| + | ||
| +In the input section of the script, Alice puts her signature, a 0x00 | ||
| +placeholder byte, and a copy of the unhashed serialized redeemScript | ||
| +that Bob created. She gives a copy of the incomplete transaction to | ||
| +both Bob and Charlie. Either one of them can complete it by replacing | ||
| +the placeholder byte with his signature, creating the following input |
mikehearn
Contributor
|
This was referenced May 11, 2014
harding
added some commits
May 11, 2014
harding
referenced this pull request
May 13, 2014
Merged
Devel Docs: Add Comparison-Based Attacks To Reasons Not To Reuse Keys #395
|
@harding Hey! Just wanted to reach out and say BIG THANKS to you for working on this! :) You are the man! Thank you and @saivann both for putting this initiative together. This is going to be a big deal! Huge thanks also to @mikehearn and @luke-jr for helping polish this up! :) |
|
@gwb3 Thanks! All of us who worked on the docs are pleased with the result. There's still lots more work to be done to make this guide reasonably complete, so expect many more pull requests. :-) |
saivann
and others
added some commits
May 12, 2014
harding
referenced this pull request
May 17, 2014
Merged
Fix Images For Normal HD Key Derivation; Mention Ancestor Key Risk #408
saivann
added some commits
May 19, 2014
|
How about we get this merged? It can always be improved live. |
|
@mikehearn I think @saivann was planning on merging it on May 24th after asking for a final round of reviews. As the most recent bit of incorrect information in the guide was only discovered a few days ago (see #408), I think waiting another 5 days is reasonable. (Although I admit to being quite eager to see this on Bitcoin.org myself.) |
|
@mikehearn @harding Agreed, thanks! In the absence of critical feedback, this pull request will be merged on May 24th (Edit: 15:00:00 +0000). Additional feedback and reviews are welcome and appreciated. |
saivann
and others
added some commits
May 19, 2014
harding
referenced this pull request
May 22, 2014
Merged
Several Corrections & Clarifications Suggested On IRC #415
saivann
and others
added some commits
May 23, 2014
|
In anticipation of the merge tomorrow at 15:00 UTC, I made a local test merge and jekyll compile, and then ran some tests. Except for one tiny mistake (mine) fixed now in 32c8d59, everything looks good to me. |
|
Merging this! Huge thanks to @cbeams, @harding, @instagibbs, @mikehearn, and @tgeller for your work on making this possible! Additional issues and improvements can be reported as issues or pull request on GitHub. More general discussions can take place on the mailing list: |
saivann
added a commit
that referenced
this pull request
May 24, 2014
saivann
merged commit 2f17ee4
into
master
May 24, 2014
|
Amazing work guys. Really, really impressed by what you have accomplished. |
harding commentedMay 11, 2014
This pull request proposes to add to Bitcoin.org a Developer Guide providing the equivalent of 70 printed pages of introductions to key Bitcoin concepts.
A preview is available at: http://bitcoindev.us.to/en/developer-documentation
The Guide is not complete---there is much more we plan to write over the coming months---but the version in this pull request is internally consistent and reasonably comprehensive. In addition to the Guide, this pull request also includes a Developer Reference with 90 more pages of detailed technical material, such as RPC descriptions, and a portal page linking to the various sections of both the Guide and the Reference.
To keep comments on this pull request focused, we'd appreciate it if suggestions about possible future content or better ways to organize this information were made on our Content Suggestions Wiki Page, restricting comments on this pull request to only things which should be fixed or changed before merging.
If you want to help review but don't have time to read over 150 pages of text, we recommend that you review just one of the sections listed below, preferably one that hasn't been well-reviewed yet. We'll add your GitHub @ name to the Being Reviewed By column for any section where you leave a line comment, and add your name to the ACK column if you ACK any section.
If you leave a line comment or general comment for a particular section, we'd appreciate it if you ACK the section once it meets your expectations. We hope this will allow us to build consensus to merge without everyone having to read the entire text.
Many thanks are owed for the two months of work which went into this pull request. An incomplete, alphabetical list is: @cbeams, @harding, @instagibbs, @mikehearn, @saivann, and @tgeller.
TODO: