BIP-352 Silent Payments addresses should have an expiration time



Summary:

The ability to "update the expiration" refers to tricking someone into thinking a new address came from Bob, for example by modifying a donation address on a social media profile. This attack can occur regardless of whether or not expiration exists.

If Bob has lost his keys, people sending funds should ask Bob for a new address so that funds are not wasted. If Bob has died, it is unclear why people would continue to send him money, and expiration can prevent unintentional fraud in such cases. Expiration is more likely to prevent a loss of funds due to theft or fraud.

If senders cannot find Bob's up-to-date address, that raises concerns about their due diligence in determining where they are sending funds. Updating an address should not be difficult for Bob, since platforms like social media, webpages, and GitHub repositories allow for easy updates.

The attacker in this scenario gains minimal information, as silent payment addresses already have a large k-anonymity set. Checksums function similarly to expiration in that neither is enforced by the consensus layer, but standardizing and enforcing them in the client solves the problem in almost all cases.


Updated on: 2023-08-11T01:51:14.774471+00:00