[CFRG] Bitcoin delenda est. Was: Escalation: time commitment to fix *production* security bugs for BLS RFC v4?

Phillip Hallam-Baker <phill@hallambaker.com> Mon, 26 April 2021 17:28 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 405153A2A35 for <cfrg@ietfa.amsl.com>; Mon, 26 Apr 2021 10:28:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.399
X-Spam-Status: No, score=-1.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id Z4b9hOhUxrOY for <cfrg@ietfa.amsl.com>; Mon, 26 Apr 2021 10:28:51 -0700 (PDT)
Received: from mail-yb1-f170.google.com (mail-yb1-f170.google.com []) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 050203A29F8 for <cfrg@irtf.org>; Mon, 26 Apr 2021 10:28:50 -0700 (PDT)
Received: by mail-yb1-f170.google.com with SMTP id i4so28283080ybe.2 for <cfrg@irtf.org>; Mon, 26 Apr 2021 10:28:50 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=8pjiPgRs09NZL5lNYaxpqM0EeB3jnUH5tbtkYgDbqD8=; b=m/LA8m/fW4QBux/mgWWlZVZe9srD/eV4t1ueaV5diPImDoc8tdU6bX8JVJELc2Epcg aML9VmmRKWE/Lc16NQ30WWkXBEALzxd0rfm42vzF5SH3ec1rtQCKuBxy992u0X7/VBzI jFLRd1Gwt2A0boDFhvbSAF4aEdrhFvYlPfLv2XuF9E56+QKCOu88cDAtZhKEG8knzfJW iHd9dVmRhuEr8Ojykdwps2VUoFIjqUayuKpz4bn8mqlmPf1JoVjdq9yUce2a0tdBDXNH P2PiixmIArPAhCH9GKjONFnFbXOmHnhF4YlNqmuIeTXgRpikm7lQQMpWLExlBZvovm4y CatA==
X-Gm-Message-State: AOAM531FDkXPeqdsYANRC+JlOQNmAXPvnZCzgQnSq4iR1cuHXm2RJa7i QhvumUdyPNH0mFRqpHLg6MxInaLYX+2nFDJzWa4=
X-Google-Smtp-Source: ABdhPJxpzmYusC94Zh6rvP87mo/STpn/vvxF2f8SZ5SOdHAPv8eoY7R+L+5+xmZW+rGoyu8XS1H0/anSUYhvAjQNaJU=
X-Received: by 2002:a25:bc0b:: with SMTP id i11mr17706940ybh.56.1619458130044; Mon, 26 Apr 2021 10:28:50 -0700 (PDT)
MIME-Version: 1.0
References: <CAAEB6g=tU=MF1_QKduEN55ft0rWe+7x0wBbywS083fJrjzP=XA@mail.gmail.com> <20210423195504.d6f74x4jsdrzagcc@muon> <CAAEB6g=dcsRKz6zm7F15F-uZ7Zfi_qF06KwQXmrireKEKZYHFg@mail.gmail.com> <49ca86ec6409217d60e3f2e94e3090ef2b571f80.camel@loup-vaillant.fr> <A1765592-7AF7-4F3A-8B22-C5BD6C059A7C@akamai.com>
In-Reply-To: <A1765592-7AF7-4F3A-8B22-C5BD6C059A7C@akamai.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Mon, 26 Apr 2021 13:28:39 -0400
Message-ID: <CAMm+LwjKV3xT_2StxzL4X3BCeTpvwJBMmFMLQUw66xhQNkDNZA@mail.gmail.com>
To: "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>
Cc: Loup Vaillant-David <loup@loup-vaillant.fr>, Quan Thoi Minh Nguyen <msuntmquan@gmail.com>, "Riad S. Wahby" <rsw@jfet.org>, "cfrg@irtf.org" <cfrg@irtf.org>
Content-Type: multipart/alternative; boundary="00000000000091e9aa05c0e37a24"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/ICkKmQOtp3Dtp8IFlgaIssqaO5Y>
Subject: [CFRG] Bitcoin delenda est. Was: Escalation: time commitment to fix *production* security bugs for BLS RFC v4?
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Apr 2021 17:29:01 -0000

As a human being living on a planet threatened by environmental damage from
CO2 emissions, I am strongly opposed to any IETF work to support any form
of purported 'cryptocurrency' that relies on any form of 'proof of work' or
'proof of waste'.

The electricity requirements of cryptocurrencies have been larger than that
of entire countries. This is an experiment that it is time to stop.

I am entirely serious in this position.

Besides the environmental issues, there is the fact that the
crypto-currency community has consistently failed to establish any
effective means of preventing the endemic frauds in their systems.
Fraudulent exchanges regularly steal money from their customers.
Applications developed by individuals with minimal expertise are used for
transfers of vast quantities of fictional cash with no effective oversight
and this results in further frauds.

The cryptocurrency community has a long history of misrepresenting the
engagement of parties with established reputations as endorsing their
'product'. And this presents real risk to the IETF when the least
objectionable use of the product in question is to evade currency controls.
Cryptocurrency became popular as a means of paying for illegal drugs and
has since become the enabler for ransomware.

The cryptocurrency world has no shortage of people who will trash anyone
criticizing their activities as 'stupid', 'uninformed', 'need to do some
research'. Fine, let them sort their own messes out.

IETF should take no action that risks a headline 'IETF endorses
cryptocurrency'. If the ransomware, child abuse and Ponzi scheme industries
have a problem as a result of a bad technology decision, we should not lift
a finger to save them.

The only conversations I want to have on cryptocurrencies is with
government regulators looking for ways to regulate these criminal
facilitation enterprises out of existence as they previously did with
eGold, Gold Age and BTC's very long line of predecessors which like BTC
were entirely different but completely the same.

On Sat, Apr 24, 2021 at 10:57 AM Salz, Rich <rsalz=
40akamai.com@dmarc.ietf.org> wrote:

> >    There may be one way: holding implementers accountable.
> >    They relied on a draft. As such, they took a gamble. Now they lost
> that
>     gamble, and gambling ethics dictates that they pay up.
> Yes.  Strongly agree that this is the best approach.  This is a *DRAFT*
> It would be like implementing Rijndael and then complaining that it has
> bugs and isn't AES.
> Contact the people who developed and put things into production.
> _______________________________________________
> CFRG mailing list
> CFRG@irtf.org
> https://www.irtf.org/mailman/listinfo/cfrg