6

Since we established the alert system is included in the official client, I would like to know who can trigger the alert system, and how?

Can this system be spammed (activated 1000s times per second) thus disabling any use of the client? (Because he would get annoying popups all the time)

Community
  • 1
ripper234
  • 26,550
  • 30
  • 111
  • 246

2 Answers2

5

Just got confirmation that Satoshi passed the signing key to Gavin before he retired, so at present only Gavin (and Satoshi if he ever returns) is able to send out alerts.

David Perry
  • 14,378
  • 5
  • 62
  • 99
2

"Alert messages are signed with a private key that only I have." - Satoshi Nakamoto

Such a spam would be pretty pointless. It would take only a few hours at most before the alert system was disabled.

David Schwartz
  • 51,554
  • 6
  • 106
  • 178
  • Is this still true? Does only Satoshi have the key? How do you know?

    It wouldn't take hours to disable it, because everyone (or a significant chunk of people) would need to upgrade to the new client.

    It is my impression that the alert system in its present form is obsolete and should be removed.

     – ripper234 Sep 08 '11 at 05:46
  • 1
    I find it problematic that a p2p system still has a secret backdoor (even though it doesn't do much) owned by one individual, whose identity is secret. I would like for this to be removed / replaced with something more transparent. – ripper234 Sep 08 '11 at 05:47
  • 1
    Satoshi said only he has the key. We have no way to know if that's true or not. I don't see why everyone would need to upgrade. Only people who were using the GUI version of the client and needed to do transactions would need to update. It's not like the network would be harmed by people who weren't monitoring their clients. Also, once many nodes stop passing alerts, many will stop getting them. And I bet a patch to add a '-noalert' option to the client would be accepted. But this is kind of a non-issue -- it's something that could happen exactly once. – David Schwartz Sep 08 '11 at 05:56
  • So you don't think it's obsolete? I would move this discussion to Chat, but we only get that option after a long comment thread. – ripper234 Sep 08 '11 at 06:01
  • 1
    I agree that it's obsolete as implemented. It is a good idea to have some mechanism to say "this version has security problems", but the key should be held by the current development leads (since they're the ones who will respond to a problem) and there should be a simple option to disable it (for those who choose not to trust them) without changing the code and recompiling. – David Schwartz Sep 08 '11 at 06:15
  • 1
    It's definitely a feature that, if implemented well; could be very beneficial. IMO it's not a major priority, nor is it a major risk. – Alex Waters Sep 08 '11 at 06:37