Topic: Re: Segregated witness - The solution to Scalability (short term)?
Board: Development & Technical Discussion
by Carlton Banks on 11/12/2015, 22:57:22 UTC
new core nodes won't be sending witness data to old nodes.
That old data already does not get validated, so it's redundant to transfer it.
I dunno man, smells fishy.

No, really, that's what happens now. The sigs get kept, but "checkpointed" periodically (which presumably constitutes a hash of some set of the tx data such that it proves bulk sig validity up to the checkpoint), only some few thousands of the most recent sigs actually get individually verified by Bitcoin Core, it's been like that for a while. I can't remember how far apart the checkpoints are spaced, but there's some margin of safety involved. It's just impractical to verify the whole thing for a brand new chain download, at least with OpenSSL doing the verifying (not so in upcoming 0.12, which uses another long term project, the in-house libsecp256k library, which might turn out to be an important crypto library for other software)

Until security experts make such statements that is useless speculation. Average users can't really (correctly) tell if there are security risks involved. Let's wait for test net before drawing conclusions.

I concur, you seem like an open person, just don't jump off to cheerleading this simply for the sake of an 'improvement'.

You'd probably be surprised at the changes you've not accounted for, although I know you're fairly knowledgeable about how Bitcoin works. You should know that we're not even running 2013 Bitcoin right now, let alone 2010 Bitcoin. And it's better like this, 0.11 is a significant improvement over 2 years ago.

But you're right to have conservative instincts about something that's already valuable as it is; Gavin and Mike have already demonstrated that well-meaning people can be misled to back a bonkers "improvement" scheme; I remember your palpable anger when people first started arguing for it publicly, I felt the same.

But I propose that Bitcoin does, can and should be changed over time to make best use of the technological resources available to it, made as available as is economically viable (chain security and decentralisation bound up in that property amongst other parts), and that the 1MB blocks design fulfills that right now (but is becoming seriously stretched also). And so at the risk of sounding slightly too much like VeritAss, I think the will of the overall community will end up alighting on the conservative approach that reflects, because we've demonstrated we're treating changes to Bitcoin very carefully, and so looking carefully at any significant proposals also.

And from what I've seen so far, people like Pieter Wuille are who you want for that conservative engineering task; if you want to abandon the verification checkpoints and scan your blockchain whole, wait till version 0.12, it'll be many, many times quicker (as well as half-way practical). Send your thanks to Pieter. (and gmaxwell)