Author: Eric Voskuil 2017-05-26 08:15:56
Published on: 2017-05-26T08:15:56+00:00
Cameron Garnham, a Bitcoin supporter, has posted on the Bitcoin-dev mailing list about his proposal to use SegWit as a partial-mitigation of CVE-2017-9230 (ASICBOOST), which is a security vulnerability that is currently being exploited. Cameron believes that activating SegWit would partially mitigate ASICBOOST and also help in identifying any block that doesn't include a witness commit in its coinbase transaction, which was mined using covert ASICBOOST. This would make the use of covert ASICBOOST more conspicuous. Andreas Antonopoulos has expressed his preference for Gregory Maxwell's proposal to defuse covert ASICBOOST only with a SegWit-like commitment to the coinbase, which does not obligate miners to signal or implement SegWit and hence disarms any suspicion that the issue is being exploited only to activate SegWit. However, Cameron is confident that his proposal is not contentious, and argued that both SegWit and the CVE-2017-9230 should be regarded as credible security vulnerabilities that require attention. He believes that the quicker option is the swiftest viable option, and the security trade-offs of deploying a partial-mitigation to CVE-2017-9230 quickly versus more slowly but more conservatively are under intense debate.
Updated on: 2023-06-12T01:21:26.083787+00:00